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Abstract 



We present here some results of applying the Cayley-Dickson process to certain alternative algebras 
(notably built upon Galois fields and congruence rings), in a manner which might yield new building 
blocks for cryptographic systems. The results presented here are technical but not inherently difficult. 
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Introduction 



The idea of applying the Cayley-Dickson process to Galois fields is not new (^J ^1 OOI)- Find- 
ing the number of units and unimodular elements of the resulting structure, and of iterations of the 
doubling procedure on the base Galois field, is a simple application of a classical exercise ([3]), as we 
show here, but the relevance of the diophantine equations which are classically presented, to the alge- 
braic structures we are interested in, is not readily apparent in the published literature. Similar results, 
but using congruence rings as starting points rather than fields (for possible uses in cryptographic sys- 
tems), are presented here, for what we believe is the first time. One key ingredient of this extension is 
|1.3Cayley-Dickson for morphisms, and consequencestheorcm.l.S) which we believe is new. We focus on enu- 
meration properties rather than the classification and comparison questions which are extensively studied 
elsewhere, at least for algebras over fields C [T^ 1^ 151 1 ^ ) . 

We would like to emphasize the fact that what we present here is at the confluence of several rather 
distinct mathematical traditions, whose terminologies and notations are sometimes incompatible. We have 
therefore been led to make choices, and to be sometimes rather verbose so as to disambiguate the notion 
used. It would be worth one's while to take a look at the appendices, if only to ascertain the meaning we 
have chosen here for some terms. 

1 Abstract Cayley objects 

1.1 Definitions and elementary properties 
1.1.1 Order and index 

Let (5, x) be a di-associative LP. loop, whose neutral clement we will denote by e. For a; e S" we can 
define the set = {u"- \ n e 1}. 

Puj is an abelian group and ["E P^]n t—^ w"] is a group homomorphism. We can therefore define lu to 
be of infinite order if that homomorphism is injective, and to be of finite order card(P[^) otherwise. These 
definitions are consistent with their counterparts for groups. Note that if uj is of finite order a, then for any 
P ^ Wi, u!^ is also of finite order, that order being a/ PGCD(a, /?), as (P^j, x) is an abelian group (recal that 
PGCD(a, f3) designates the least common multiple of a and /3). 

Puj also is a subloop of {S, x), and we define the two following binary relations on S: 

(V(a;,y) e S^) [xV^y^ a; x e P„ 4=^ (3 n e Z) a; = x y] 
(V(a;,y) £ S'^) [xV^y^ x-'^ x y e P^ ^ {3n e W.) y = lj" x x] 

Proposition 1.1: 

and are equivalency relations on S, the inversion is a bijection from S/V^ to S/V^ and any element 
of S/V^ is equipotent to P^j. $ 

Proof: We only indicate the proof that P^f^ is an equivalency relation, as the one for P^ is perfectly similar. 
{y X € S) x X x^^ — x^^ X X ^ e = oj''' E P^ and hence P^ is reflexive. 

Let X G S and y G S such that x y. Then {3n G Wi) x — ut" x y, so y — x x, since we are in an 
LP. loop (and w"" = (u;")~^ because of the loop di- associativity). Thus is symmetrical. 

Let x G S, y G S and z G S such that xV^ y and yV^ z. Then (3 n € Z) a; = x y and (3 m e Z) y = 
X z, but then x — oj"^ x (w™ x z) = x z thanks to the di-associativity. Thus is transitive. 

This concludes the proof that is an equivalency relation; 

Let X G S and y G S such that xV^y. Then (3 n e Z) xxy~^ = w", so [y^^]^^ x (a;^^) = yxx^^ ~ w^", 
which means that y-^V^x-^, and the inversion is a bijection from SjV^ to S'/T'^. 

Let now Y G SjV^ and y gY ^ and consider (\)y : P^ ^ S\ z ^ zxy . Since we are in a loop, 0y is injective, 
and since the loop is di-associative, takes its values in Y . Furthermore, Six GY , then x = w""' x y for some 
Ux G Wi, so xxy~^ — w"^ , thanks to the LP. of the loop. But then (f)y{uo"-^) — (t)y{xxy~^) — {xxy~^)xy — y, 
again because we are LP., and thus 4>y is surjective. Finally, 4>y is bijective. $ 

Remark: There is no reason for the left and right cosets to agree, in particular there is no reason for P^ to 
be a normal subloop of S. 
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If either S/V^ or S/V^ is finite, then the other one is too, and they have the same cardinal; in that case 
we will call that cardinal the index of P^^ in S, and denote it by [S : Puj]. This definition is also consistent 
with its counterpart for groups. 

1.1.2 Conjugation 

Recall (12) that, given a commutative and associative ring with unit (A, +,.) and (i?, +, x,-) an A- 
algebra with unit, with neutral element e, a conjugation over E is any function a : E —t E which is bijective, 
A-linear and such that: 

1. a{e) — e. 

2. iy [x,y) £ E"^) a{x x y) ~ <j{y) x <j{x) {beware the interversion of x and y\). 

3. (Vx e E) (x + a{x)) e A-e. 

4. (Vx e E) {xx a{x)) e A - e. 

These properties imply^ (Vx g i?) a; x (j{x) = a{x) x x and^ x E) {a o <j){x) — x. 

Note that \i E = A, the identity function is always a conjugation, but that otherwise there is no guaranty 
a conjugation can exist. Note also that while, for a given x ^ E, there exists T £ A and N G A such that 
=%(a::) = T ■ e and --/(^(a;) = N ■ e, T and may happen not to be unique fsee IA.2|I . We will also write x 
for a{x) when no confusion is to be feared. 

1.1.3 Cayley Algebra 

Recall (0) that, given a commutative and associative ring with unit {A, +, .) a Cayley algebra over A is 
a structure (E, +, x , •, cr), where +, x , •) is an A-algebra with unit, and cr is a conjugation over E. 

Given {E, +, x , •, cr) an A-Cayley algebra and T G E, we will say T is a sub-Cayley algebra if and only 
if it is a sub-algebra of an algebra with unit, of E, and it is stable by conjugation {i.e. (Vx S T) a{x) e T). 

On a Cayley algebra, it is convenient to consider the Cayley trace and Cayley norm^ defined respectively 
by £^e{x) = X + cr{x) and ./(^(x) = x x a{x). 

We have the following important relations valid for all elements: 

^e{<j{x)) = .Te{x) (1) 

^e{<j{x)) = ^b(x) (2) 

X x) = =%(x X y) (3) 

5'b(x X a{y)) = .^E{y x cr(x)) = ^b(x) x J?E(y) - J?e(x x y) = ,yKB(x + y) - ^£;(x) - ^^(y) (4) 

= ^b(x) X x-^(x) (5) 

Relation Q is especially noteworthy in light of the fact that no commutativity or associativity has been 
assumed*. By contrast, in absence of any form of associativity (or commutativity), little more can be proved 
about the Cayley norm^, apart from the following proposition (where ModA(x,?/) denotes the A- module 
generated by x € and y E E, and e denotes the neutral element of E): 

Proposition 1.2: 

Civen x £ E, Mod^(e,x) is stable for "x "; it is a sub-Cayley algebra of E which is both associative and 
commutative. Furthermore (Vm S N) ./(^(x") — (./(^(x))". $ 

^{x + cr(x)) G j4 ■ e =► X X o'(x) = X X {x + (7(x)) — x X x = {x + (^(x)) X x — x X x = a-{x) X x. 

^Given x £ E, there exists a £ A such that x + cr(x) = a-e; the A-hnearity of cr then imphes a-{x) + {aoa){x) = cr(a;-|-cr(a;)) = 
a ■ <y{e), and finally, a{e) = e. 

•^Yet another unfortunate collision of terms, as this "norm" is actually quadratic... 

*It is established by noticing that Se{x x y) = x X y + {.^Eitj) — 3/) X {.^Eix) — x) and that therefore 
{x)xy + .9e {y)xx + {.9E{xxy)-.9E{x)x.9E{y))=xxy^yxx = g-E{y)xx^.9E{x)xy + {3-E{yxx)- .9e (y) x .^e (x))- 
®See|C]for a discussion of what one might want out of a "norm" . It should be noted that (V (x,y) G E'^) jVe i^^u) = ^E(y^^) 

may happen even when E is not alternative (where this is always true; see |1 . 4Cayley Algcbraproposition. 1 . 4} , for instance in 

the case of the hexadecimalions. 
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Proof: This is a direct application of Q, which we rewrite as = T ■ x — N ■ e, with T ^ A such that 
3^e{x) = T • e and N £ A such that ^(.t) = • e. 

The last statement of the proposition is proved by induction. $ 

Remark: Given x E E, (Vn G N) a;" G Mod^(e, x), and we have: 

(Vn G ]N)(Vm G N) a;"+" = .t" x x" = x x" 

which is just property ljA'|l of lA.l.Sl under different notations. 

Invertible elements have a few more properties: 
Proposition 1.3: 

If X £ E has an inverse for "x ", then Modyi(e, x, is stable for "x "; it is a sub-Cayley algebra of E 

which is both associative and commutative. $ 

Proof: Yet another easy consequence of applied to x as well as to x^^, and the definition of the inverse. $ 

Remark: With no assumption of associativity for E, not much can be said about the relationship between 
the Cayley norms of x and of x~^ in |1 . 3Cayley Algebraproposition. 1 . 3] However, if we know that J^Eix) is 
invertible in A • e, then of course x is invertible in E and x^^ = ^e{x) ^ ■ a{x). 

With some rather weak hypotheses, however, we can improve the situation, as is well known (|2]): 
Proposition 1.4: 

Let (A, +, .) be a commutative and associative ring with unit, and {E, +, x , •, tr) an alternative Cayley algebra 
over A, with neutral element e. An element x € E is invertible if and only if JVe{x) is invertible in A - e, in 
which case the inverse of x is .yVE{x)^^ ■ (7{x), and yioAA(e,x) is an abelian group. Furthermore, (E, x) is 
di- associative and we have (y x (z E)(y y £ E) ^e{x x y) — ^e{x) x y^Eiy)- $ 

Remark: The di-associativity of {E, x) as a magma (see lA. 2.21 ensures that 

(Vx G i;)(Vy G £;)(Vn G N)(Vm G N)(Vp G N)(Vg G N) x"+™xyP+« = x™x (a;"xyP+9) = (a;"+"xyP)xy«) 

which is just (|B'|) of lA.l.Sl under different notations. 

Alternative Cayley algebras also enjoy a few other nice properties^. 
Proposition 1.5: 

Let {A, +, .) be a commutative and associative ring with unit, and {E, +, x , •, cr) an alternative Cayley algebra 
over A, with neutral element e. Let E* the elements of E which have an inverse for "x ", then {E* , x) is a 
Moufang loop. $ 

Proof: An alternative algebra being di-associative, {E* , x) is a di-associative magma with unit. By defini- 
tion, every x G E* has an inverse x^^, and since E is an alternative Cayley algebra, x^^ — ^e{x) and 
{3T € A) cr(x) = T-e—x, so (3 (a,/3) G A"^) x~^ = a-e+P-x. Therefore, x~-^x(xxy) — (a-e+/3-x) x (xxy) = 
{a ■ x) X y + /3 ■ {x X {x X y)), but since the algebra is alternative, x x (x x y) = (x x x) x y, and we finaly 
see that x~^ x {x x y) — {x^^ x x) x y — y. We likewise prove that {y x x) x x^^ ~ y. This proves that E* 
is a quasigroup, hence a loop since it has a neutral element, and has the I. P. property. 

Using I A . 4 Alternative ringsproposit ion . A . 4| we find that the loop is actually a Moufang loop. $ 

Remark: If E is actually associative, then of course E* is a group. 

Remark: As a consequence of the di-associativity of loops, we have 

(Vx G G £;*)(Vn G Z)(Vm G Z)(Vp G K)(Vg G x"+"xyf+« = x"x(x" xyP+«) = (x"+'" xyP) xy") 

which is just (|B"|) of lA.l.Sl under different notations. 

Remark: The material developed in II. 1.11 applies to E* . In particular, if card(i?*) is finite we have 
(yuj G E*) card(i;*) = [E* : P^] card(F^). 



°This is a special case of the theorem which states that the invertible elements of an alternative ring with unit arc a Moufang 
loop (13); we only give a proof here because it is slightly simpler than the general case. 
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1.1.4 Cayley Morphism 

Given two Cayley algebras {E, +, x , •, cr) and (i^, f , *, •, s) on a same commutative and associative ring 
with unit +,.), a function : E' — s- _F is a (homo) morphism of Cayley algebras (or simply a Cay- 
ley (homo) morphism) if and only if it is a (homo)morphism of algebras with unit and that furthermore 
(y X € E) (f)(a{x)) = s(0(x)). Monomorphism, epimorphisms, isomorphisms, endomorphisms and automor- 
phisms of Cayley algebras are built from homomorphism of Cayley algebras in the usual manner. 

As a matter of practicality, it is useful to note that a Cayley morphism which is an isomorphism of 
algebras with unit, actually is a Cayley isomorphism, as is trivially seen. 

One verifies immediately that one has a category (as per Jl]) (which we will call CAlg here) by consid- 
ering Cayley algebras as objects, Cayley morphisms as arrows, and the usual composition of functions as 
composition of arrows. Of course, if we denote by UAlg the category of algebras with unit and corresponding 
classical morphisms of algebras with units, then associating every Cayley algebra with its underlying algebra 
with unit, and every Cayley algebra morphism with its underlying morphism of algebra with unit, yields a 
covariant functor from CAlg to UAlg (a stripping functor). 

1.2 The Cayley-Dickson process 
1.2.1 A fundamental shortcoming 

A major problem with CAlg, as categories go, is that products may fail to exist, if we want the product 
to be compatible with the stripping functor of 11.1.41 

Consider the following Cayley algebra over R: {E, +,x,-,a) — (R, x,+,x, id-R), with the identity 
function on R. Assume we have built the product of E with itself, yielding (G, ffl, Kl, (S)). Since we want 
the product creation to be compatible with the stripping functor, we see at once that (G, ffl, Kl, □) must be 
the product algebra of {E,+, x,-) with itself, and that the Cayley algebra morphisms from from G to E 
(as first component) and E (as second component) must be the projections of the algebra G onto E. Hence 
{x, y) ffl (a;', y') = {x + x' ,y + y'), (x, y) M {x' , y') = [xx' ,yy') (with (1,1) being the neutral element for "H"), 
A m (x, y) = (Ax, Xy) and ®{{x, y)) = {x, y). But then (1, 2) M ©((1, 2)) = (1, 4) ^ R □ (1, 1). 

There are interesting cases, however, where products do exist, which are compatible with the stripping 
functor: 

Theorem 1.1 (Dominated Product): 

Let I he a set, ({Ei,+i^ Xi, h, '^i))iei family of Cayley algebras on a same commutative and associative 
ring with unit (A, -|-,.), and (i?, +, x,-) the product algebra of that family, seen as mere algebras with unit. 
If there exists a Cayley algebra (F, f , *, s) and a family of Cayley morphisms {(j)i)i(zi, with : F Ei for 
all i Cz I , such that the morphism of algebras with unit ^ : F E;y i—* {(t>i{y))iei is surjective, then the 
function a : E ^ E; (xi)ig/ i-^ {o'i{xi))i(zi is a conjugation on {E, +, x , •), (E, -f, x , •, a) is a Cayley algebra, 
for all i ^ I the projections of E onto Ei is a Cayley epimorphism and ^ is a Cayley epimorphism. $ 

Proof: It is obvious that a is an A-linear involution (and thus bijective). Given {xi)i^j G E and (x'^i^i G E, 
CT((xi)jg/ X (a;-)je/) = ^((a;^ x^ a;-)«e/) = {(^lixi x^ a:-))^^/ = {cri{x'^ x, cri(a;^))^g/ = cr((a;-)jg/) x a{(x,)i(zi). 

Let y G F. we see that cr($(y)) = a{{(j)i{y))i^j) — [ai{<f)i{y)))i(zi , but since all the 0^ are Cayley 
morphisms, {ai{(j)i{y)))i(zi = {(j)i{s{y)))i^i = $(s(?/)), and thus cr{<P{y)) = ^'(s(y)). 

Let {xi)i£i G E; since $ is surjective, there exists y G F such that ^{y) = {xi)i^i. We see then that 
{xi)iei + cr{{xi)iei) = ^{y) + (j{<^{y)), but we have just proved that cr($(y)) = $(s(?/)), so $(?/) + cr($(y)) = 
<^{y) + <i>(s(y)), and since $ is v4-linear, <&(?/) + <^{s{y)) = $(y f s{y)). As (F, f, *, •, s) is a Cayley algebra, 
there exists a G A such that, writing s for the neutral element of -F, j/ f s{y) — au e. Since $ is ^-linear, we 
find at once that $(y f s{y)) — a ■ (f>(e) — a ■ {(j>i{e))i^i and, denoting by e.^ the neutral element of Ei (for 
each i), a ■ {(j)i{e))i!^i = a ■ {ei)i^i since the are all Cayley morphisms. Since e = (ei)ig/ is the neutral 
element for E, we have proved that {xi)i^i + a(^(^Xi)i^i) is the (external) product the neutral clement of E 
by of an element of A. We show in exactly the same way that (xj),^/ x a-{{xi)i^j) is the (external) product 
the neutral element of E by of an element of A. 

This proves that cr is a conjugation, and thus that [E, + , x ,-, cr) is a Cayley algebra. We have also shown 
that <&, which is a morphism of algebra with unit, verifies a{^{y)) — ^{s{y)), so is a Cayley morphism. 
Since we have assumed $ to be surjective, it is a Cayley epimorphism. 

The fact that for alH G / the projections of E onto Ei is a Cayley epimorphism is trivial. $ 
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1.2.2 Cayley-Dickson for algebras 

This well-known procedure is a way around the shortcoming described in 11.2.11 Notably, there is no 
compatibility with the stripping functor of II. 1.41 (though there is compatibility if we strip all the way to the 
module), and only the product of a Cayley algebra with itself is defined. We present here a version wich 
differ only in notation from that of |2j. Note that for our intended uses, we must consider algebras over rings 
which may happen not to be fields (in contrast to, e.g. 5 ). 

Let (A, +, .) be a commutative and associative ring with unit (with neutral element 1), and {E, +, x , •, ct) 
a Cayley algebra over A (with neutral elements e and for "x" and "+" respectively). Let F = E X E, 
£ = (e,0) e F, and choose an element C, ^ A. Define now 

f: FXF ~* F 

{{x,y),(x',y')) {x + x',y + y') 

*: FXF ^ F 

{{x,y),{x ,y')) i-> {x^x ~C-{(^{y')^y),y^(^{x')+y' ^x) 
• : AXF F 

(A, (a;,y)) ^ {X-x,X-y) 
s: F -> F 

{x,y) {cr{x),~y) 
The following proposition is entirely classical (0 and \V2\ ) 
Proposition 1.6 (Structure): 

(F, f,*,»,s) is a Cayley algebra over A, whose neutral element is e; F is commutative if and only if E is 
commutative and a is the identity on E; F is associative if and only E is both associative and commutative; 
F is alternative if and only if E is associative. 

Furthermore ^F{{x,y)) = (=%(a;),0) and ^F{{x,y)) = (^(x) + C ' -^(y), 0). $ 

An especially important use case of the Cayley-Dickson process is when we start with some associative 
and commutative ring with unit {A, .), and repeatedly iterate the process, starting with (F, -h, x, •, a) = 
{A, +, .,IdA), yielding Cayley algebra structures on A, AX A,... When we do thus with A = R, and choose 
C = 1 at each step, we build (D, H, (D, X (seeEJ. We will see other applications of this in the remainder 
of this text. In such cases, it is convenient to identify E with E X {0}, or F with a superset of E, at each 
step. This is one case where one sees at once that the Cayley norm and trace actually takes their values in 
the first rung, i.e. A, so we can drop the reference to precisely which algebra we consider when computing 
them (which makes for far more readable ^(x,?/)) = ■S^x) and yy{{x,y)) — .jy{x) + ( ■ ^y)). 

We will refer to the Cayley-Dickson process as "doubling" when no confusion is to be feared. 

1.2.3 Cayley-Dickson for morphisms, and consequences 
Theorem 1.2: 

Let (F, +, x,-,(t) and (F, f,*,»,s) be two Cayley algebras over the commutative and associative ring with 
unit (^, -f, .), and (p : E F an A-Cayley morphism. Let $ : EX E —t F X F; (x,y) t—y {(j){x) ^ 4'{y)) . For 
any a £ A, denote by (Fq,, +q,, Xq, CTq) (respectively (Fq, fa, Sa) ) the result of applying the Cayley- 

Dickson process to {E,+, x,-,ct) (respectively (F, t,*,»,s)j using a; then $ is also an A-Cayley morphism 
from Ea to Fa. $ 

Proof: The A-linearity of $ is trivial. 

$(tTct(x, ?/)) = ^{{a{x),—y)) = [(f){a{x)),4>{—y)), and as (j) is an A-Cayley morphism, (f)[a{x)) = s{(j){x)) 
and </)(-?/) = -(/)(y). Thus <^{aa{x,y)) = {s{(t>{x)),~4>{y)) = s„((/)(x), </)(?/)) = Sa($((x, ?/))). 

$((x, y) x-a t)) = ^{{x X z — a ■ {a{t) x y),y x a{z) + t x x)) 

= (cbix) * 0(z) - a . {s{(j){t)) * <^(y)), 0(y) * s{P{z)) + ^{t) * 4>{x)) 

^{^{x),ct>{y))*a {^{z),m) 
= $((x,2/))*„$((z,i)) 

This proves that $ is a Cayley morphism. $ 
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Remark: If 4> is injective, so is $; if 4> is surjective, so is 
Theorem 1.3: 

Let I be a set, {{Ei, +i, x^, -i, ai))i^i a family of C'ayley algebras on a same commutative and associative ring 
with unit (A,+,.), such that (E, x, ■, a), the product algebra of that family together with 
a : E E]{xi)i^i i--> [ai{xi))i^i form a Cayley algebra and that every projection of T:i : E ^ Ei is a 
Cayley (epi)morphism. 

Let a € A, and consider +«, Xa, 'a, era) (respectively {Ei^a, +i.on ^i.a, '1,0:, o'i^a)) the result of ap- 
plying the Cayley-Dickson process to {E,+,x,-,a) (respectively {Ei,+i,Xi,-i,(Ti)) using a, (F, f,*,») the 
product algebra of the family iE,^a,+i,a, ^i,a, ■i,a)iei and s : F F; {{xi,y{))i^i t-^ {(Ti,a{xi,yi))i<^i ■ Then 
s is a conjugation on F, (F, f,*,»,s) is a Cayley algebra, and ^ : Ea —> F; {{xi)i:^i , i-^ {{xi,yi)i^i) 

is a Cayley isomorphism from (-Eq, +«, x^, -q,, cTq) to f , *, •, s). $ 

Remark: |1.3Cayley-Dickson for morphisms, and consequencestheorem.l.3| simply states that, provided the 
product is dominated, the doubhng of a product of Cayley algebras is Cayley isomorphic to the product of 
the doubling of the algebras. 

Proof: |1.6Cayley-Dicks on for algebrasproposition.l.6| proves that {Eg, +a, Xg, -a, Cg) an d the {Ei^a, +i,a, 'Xi,a, '1,0, o'i,a) 
are Cayley algebras. [T'2CayIey^DicksoT^rTn^rphlg^ and conscquencestheorem.l.2| proves that all the 
Hi : Ea Ei^a, {x,y) ^ {■Ki{x),TTi{y)) are Cayley epimorphisms. 

$ as defined above is trivially an isomorphism of algebra with unit. Since it is, in particular, surjective, 
|1.1A fundamental shortcomingtheorem.l.l| proves s is a conjugation, [F, f , *, •, s) is a Cayley algebra and <i> 
is a Cayley epimorphism. And since $ is actually bijective, it is a Cayley isomorphism, as noted earlier. $ 



1.3 Unimodulars and Quadratic Residues 

Let {A, +, .) be a commutative and associative ring with unit, {E, +, x , •, cr) an alternative Cayley algebra 
over A (with neutral elements e and for "x" and "+" respectively), and = A-e. We know that {£/, +, x) 
is an associative and commutative ring with unit (with neutral element e), and denoting by £/* the elements 
of £/ which are invertible, we see at once that {£/*, x) is an abelian group. Furthermore, the Cayley norm 
takes its values in £/, and the Cayley norm, restricted to E* takes its values in s^* . 

Proposition 1.7: 

^e\e* ^■s ^oop homomorphism. $ 

Proof: This is merely a restatement of part of |1.4Cayley Algebraproposition.l.4| $ 

The unimodulars of E, which we will denote by He, are defined to be the kernel of i 
^E = {x G E* \jVe{x) — e}. This definition is of course consistent with what is defined under the same 
name in (D (and H and ©). It is known (^Hl) that the kernel of a loop homomorphism is a normal subloop. 
Among other consequences, this entails that left and right coset decompositions modulo He exist, that they 
coincide, and that all cosets are equipotent (even when the loop is not finite, as is readily seen). Furthermore, 
if E* happens to be finite, then card(£'*) = card(il£;) card(£'*/il_E) (where card(X) denotes the cardinal of 
the set X). Also, as E* is a di-associative LP. loop, then so is il_E, and thus the material of II. 1.11 apply (note 
that if w e He then C il^). In particular, if card(il£;) is finite we have (Vcj G He) card(il£;) = [its : 
P^]card(P<,). 

The quadratic residues of E, which wc will denote by 9^^;, are defined to be the range of J\^e\e' ■> 
fRij = {y G I (3a: e E*) ^(x) = y} = {y E* \ {3x & E*) J/'e{x) = y}. This definition is of course 
consistent with the classical definition of quadratic residues ([HI El •■•]), where one has E = A = TLjnTL for 
some non-zero integer n, and the conjugation is the identity. It is easy to verify'' that (5H_e, x) is an abelian 
subgroup of (^*, x). Since il^ is the kernel of .yVE\'%, and '^Ke is its range, we also know (^Bl) that "^e is 
loop-isomorphic (and hence group-isoniorphic) to E* /He- We have therefore proved the following: 

Proposition 1.8: 

If E is an alternative Cayley algebra and E* is finite, then is group-is amorphic to E*/Ue and 

card(£;*) = card(il£;)card(fn£;) 

card(<K£;) I £/* $ 

^The homomorphic image of a quasigroup into an associative quasigroup is a quasigroup ( 16 page 29]); the rest is immediate. 
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The following is also useful. 



Proposition 1.9: 

If E is an alternative Cayley algebra, [E —^ dKE^n > ./^^(a;")] is a group homomorphism; if in addition E* 
is finite, then (Va; G E*) c&T:(l(,yVE{Px)) \ card($H_B). $ 

Proof: Obviously, the range of the group homomorphism is ./(^(-Pe). $ 

Note that, in particular, if £' is a Galois Field, seen as an algebra over itself and with the identity for 
conjugation, the quadratic residues are simply the non-zero squares, and we have additional results. 

Proposition 1.10: 

Let E he a Galois Field such that card(-E) is even, then card(il£;) = 1, card(9l£;) — card(£^*) — card(£^) — 1; 
in particular, every non-zero element is a square. $ 

Proof: If card(i?) is even then [E ^ E;x i-^ x^] is a bijection as follows immediately from IB. 1.21 so 
= {If}; $ 

To deal with Galois fields of odd cardinal, we will first state a simple lemma. 
Lemma 1.1: 

Let E be a Galois Field such that card(i?) is odd, let ^ be a generator of E* , and let a G E* . 

The set {n G TL\a = 7"} is always non-empty. It contains either only even numbers or only odd numbers, 
a is a square if and only if {n Cz 'TL\a — 7"} contains only even numbers. $ 

Proof: The first statement is a direct consequence of the existence of generators for E* , and does not depend 
upon the parity of card(£^). 

Let no S K such that a — 7"°; we then have {n e N | a = 7"} ~ + card(F*) Z, also irrespective of 
the parity of card(i?), as if n verifies a = 7" then 7"~"o = and 7 is a generator of E* . 

As card(£'*) = card(£') — 1, the statement about parity of the elements of {n € K | a = 7"} follows. 

If a = 7"" with no = 2too, then a = (7™")^ so is a square. Conversely, if a is a square, there exists (3 G E* 
such that a = But there exists mo G Z such that (3 = 7™'% so a = •j'^™-", and the set {n e Z | a = 7"} 
contains the even number 2mo. $ 

Proposition 1.11: 

Let E be a Galois Field such that card(i?) is odd, then the product of two non-zero squares or two non-zero 
non-squares is a square and the product of a non-zero square by a non-zero non-square is a non-square. 
There are exactly (card(i?) — l)/2 non-zero squares and exactly as many non-zero non-squares. $ 

Proof: The first statement is a trivial consequence of [l.lUnimodulars and Quadratic Residueslemma.l.l| 
The second statement is simple the constatation that (card(£^) — 1) is even, therefore that there are as many 
even numbers that there are odd numbers in {1, . . . , (card(£') — 1)}, and that each number in that set gives 
rise to a different element of £'*. $ 



2 Applications of finite alternative Cayley algebras 

The main goal of this section is to build concrete examples of finite alternative Cayley algebras, and 
explicitly compute some important numbers related to them (such as the number of invertible elements and 
the number of unimodular elements). 

As announced in 11.2.21 we will first consider an associative and commutative ring with unit A; in 12.31 
A will be a Galois field, and in 12.41 it will be a congruence ring. We then choose three elements in A, a, 
(3 and 7, and repeatedly apply the Cayley-Dickson procedure using these constants. More precisely, we 
start with E = A, seen as a Cayley algebra over A, and using the identity as conjugations. Applying the 
Cayley-Dickson process to E using a yields a Cayley algebra we will denote by Ea. Then we apply the 
Cayley-Dickson process to Ea using (3 and yielding Ea,j3. Finally, we apply the Cayley-Dickson process one 
last time, to Ea,[i using 7 and yielding Ea jj.-y. We could keep doing this indefinitely, of course, but beyond 
Ea,p.-i the algebraic properties are usually so poor that there is no real incentive to do so, and no outside uses 
have been identified which would make it worthwhile either; technically, the fact that we could no longer rely 
on |1 .4Cayley Algebraproposition. 1 .4| would also prove bothersome. As indicated in 11.2.21 this is a setting 
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in which it is sometimes advantageous to consider the successive algebras as supersets of each others, and at 
any rate most convenient to consider the various Cayley norms as taking their values in A (the identification 
of A with £/ — A - e, where e is the neutral element of one of the successive algebras is possible in this case, 
as the mapping [x i-^ a; • e] is bijective). In particular, this leads to the following simple expressions: 

^e(x) = 
,j\^Ea ((2^1 V)) = + ctx^ 

._yfE„ ,3,^ ((a;, y, z, t, u, w, s)) = {{x^ + ay^) + P{z^ + at^)) + -/{{u^ + av^) + P{v? + as^)) 

2.1 Some common properties 

We collect here some properties which are scattered in the previous section, and give some immediate 
consequences. 

We consider a commutative and associative ring with unit(j4, +, .) and {E, +, x , •, cr) a finite and alter- 
native Cayley algebra over A (with neutral elements e and for "x" and "+" respectively), and = A - e. 

Then we know that {E*, x) and {He, x) are finite di-associative LP. loops, that (^*, x) and {'O^e, x) 
are finite abelian groups, that for all x ^ E* , {P^, x) is an abelian group, and that we have 

(VtJ e E*) card(£;*) = [E* : P^] card(P^) (PI) 

(Vcj G Hb) card(ilB) = [He ■ P^] card(P<,) (P2) 

card(£;*) = card(ili5) card{d\E) (P3) 

card(9l£;) (P4) 

(Vx e E*) card(^(P^)) | caidimE) (P5) 

Proposition 2.1: 

(Vx e E*){3m \ card(9^£;)) {n e Z | x" G He} = ml; in particular (Vx G E*) G He and 

(Vx G E*) a;'=^>^d(i;/-) g 

(Vx G E*){3m I card(i;*)) {71 G Z | x" = e} = mTL; in particular (Vx G E*) x'^"'^^^') = e. 

(Vx G il£;)(3m I card(il£;)) {n G Z | x" = e} = mZ; m particular (Vx G Hb) x'^^''^^"^) e. $ 

Proof: The first statement is a consequence |1.9Unimodulars and Quadratic Residuesproposition.l.9| The 
second statement uses (|P5|I in addition to the first statement. The third statement uses (|P4|I in addition. 

The fourth statement is a consequence of the fact that {Px, x) is an abelian group, and the fifth is an 
application of HP1|I . 

The sixth statement is also a consequence of the fact that {Px, x) is an abelian group, and the seventh 
is an application of l|P2p . $ 



2.2 Preliminary computations 

We will use the notations of Appendix IbI and the results therein, which are merely rewritten from 0. 
This subsection essentially builds upon the equivalent to jOI page 106, Exercises 19 and 20] for any finite 
field. We will write here q — card(F). 

Given a finite field F, ai G F*, . . . , G F*, and b ^ F, we will denote by iV(aix^ + • • • + a^x^ = 6), or 
just N as no confusion is to be feared here, the number of solutions of the equation aixf + • ■ ■ + a^x^ = b 
in F, and by N{aix'^ = c) the number of solutions of aix"^ — c in F. We impose r ^ 1 here. Clearly, 
N{aixl + h arxl = b) = J2ai+-+a^=b N{aixl = ai) ■ ■ ■ N{arxl = a,.). 

If card(F) is even, [F ^ F; x 1-^ x^] is a bijection and thus TV = X]ai+---+a^=h 1 — 

If card(F) is odd, then N = Eqi+...+q,,=6 DLi Exf=eF ^»(ff )' because 2 | (g - 1), and we therefore 
need to determine the number of multiplicative characters of F whose order divide 2. As the group of 
multiplicative characters of F is cyclic, of cardinal q — 1, which is even, the the number of multiplicative 
characters of F whose order divide 2 is exactly 2: the trivial character eF and one we shall call ^ and 
which is merely a generalization of the Legendre symbol as shown below. 
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Proposition 2.2: 

Let F be a finite field such that q = card(i^) is odd; then 

f+l if {3 /3 e F*) a ^ (3^ 
£'2ia) = <0 ifa = 
1—1 otherwise. 

is a mutiplicative character of order two and =^?^2(^1f) = (^1)^^;' *^ particular 7^ e_F- S 

Proof: It is immediate to check (using |l.lUnimodulars and Quadratic Residueslemma.l.l| l that ^2 is a 
multiplicative character, and since it is trivial that (Va G F*) {£^2{ci)Y — 1; its order divides 2. Since by 
|l.llUnimodulars and Quadratic Residuesproposition.l.ll| there exists non-zero non-squares, ^2 does take 
the value —1, and thus its order can't be one, so is exactly two. At the same time, ^2 7^ cf- 

The equation = —Ip F has solutions if and only if (— 1f)^ = If (according to IB.1.21 in this 
case d = PGCD(2,g — 1) = 2). Hence —If is square if and only if (— 1)t~ = 1 (which is equivalent to 
g = lmod4), and thus jr2(-lF) = (-1)^- $ 

We can now see that 



N : 



E n 

Oi\-\ hCtr — ^ i — 1 



X2 



ai 



- E E 

QiH hQr=fc aje5^({l,...,r}) 

where ^{X) denotes the power set of X, and we have ^2 — as in any (multiplicative) group. 
Therefore 



N 



E E 

ui£.9'({l,...,r}) ai-\ |-ctr=fc 



= E [^2^'\a,)---^2^'''-\ar)\ ^2'^\a,)---^r'\o.r) 

wG5*({l,...,r}) aiH har=fc 

as both ep and ^2 are multiplicative characters {so ep {^^^ — ^Fi^i) ep{a^^) and ^2 (^T'^ ~ ^2(ai) ■^2(0.^^)) 

and are of an order dividing 2 (so eF(ai~"^) = £p{ai) and jr2(a.r^) — =^2(ai))- 
We now come to a point where we must distinguish between 6 = and 6^0. 



N = 



SwG5«({l,...,r}) 
Swe^({l,...,r}) 



^2 V^lJ ' ' ' =^2 l,^r j ^0l,=^2 ' 



, . . . , ^2 



Using the results in IB. 31 we find that 



if 6 = 
if 67^0 



N : 



-|- J?^(ai • • • ttr) Jo{^2, ■ ■ ■ , ^2) 



if 6 



+ ^Jib) 3r2{ai • • • a.) J(S2, . . . , ^"2) if 6 ^ 
We now must also distinguish between whether r is even or odd. 

r terms 



If r is odd, then ^T^^' = ep and ^{ ^ ^2 ^ ep, so Jo(^2, . . . , ^^2) = and g{.3r2Y = J(^2, ■ ■ • , =^2) 5(^2'')> 



and since ^2'' = J{X2.---.^2 = g{^2Y'^ ■ But ^2" = ^2 = =^?^2 so <?(Jr2)^ = ^2(-1f)'7 and 

r terms 



J{^2, ■ ■ ■ 1 2^2) = [>^^2(~1f) 9] 2 • Combining this with the fact that <£2(— If) = (—1) ^ we finally find 
that N = q"-^ if 6 = 0, and N = q"-^ 



^2(6) ^2(01 • • • a,-) (— 1) '2 2 q 2 otherwise. 
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r terms (r - 1) terms 

If r is even, ^2~^ = f-F and X{ — ep, so Jo(=^2, ■ • • , ^2) — ^2{—^f) {q — 1) J{^2, ■ ■ ■ , ^2) and 

(r - 1) terms r terms 

j(l27^^~^) g{.Sr;-^) = g{3t:2Y-y Together these give Jo(E^^^^~E2) = ^2(-1f) (g - 1)3(^2)""' = 

r terms {r — 1) terms 

^2(-1f) {q - 1) [^2(-1f) Furthermore j(Er^^~E2) = ^2(-1f) J(^i2?'?^~i2) and 3(^2)""' = 

(r - 1) terms (r — 1) terms r terms 

^Ijr/-!) J{'jr2,.^,^2), so j('jr2,.^, jr2) = 5(^2)'-^" and J(:i2~!^~7i2) - -^2(-iF)ff(>r2)'-' = 

-^2(-1f [^2(-lFg)]5"^) so finaUy N = q"-^ + ^2{ai ■ ■ ■ Qr) (-1)^5 (g - l)q^-^ if 6 = 0, and N = 
q''^-^ — ^2(&) =^2(01 • ■ • Or) ^ otherwise. 

We summarize the vahie of N{aixl + • • • + a^x^ = b) as follows: 



q even 


7 — 1 

q 


q odd 




r odd 


r— 1 


r even 


g-^-i + ^2(ai • • • flr) (-1)^ 5 (g - 1) g5-' 


6^0 


r odd 


g'-i + jr2(fo)^2(ai---a.) (-l)^^g^ 


r even 


_ ^2(5) Jr2(ai ■■■ar) (-1)^ 5 



2.3 Cayley-Galois constructs 

As announced at the begining of this section, we consider here A = Fg, with Fq be a Galois field of 
cardinal q. We will designate by Fq-a etc. what was denoted by Ea etc. in the introduction to this section. 

We now assume aPj ^ 0, for brevity's sake. The preliminary computations above yield the table below. 

Note that Fq.a,p and Fq.a,i3.'y never are fields, but that when q is even, Fq-a is never a field whereas when 
q is odd, Fq;a sometimes is a field (it is a field if and only if ^2(0;) (—1)^ = —1). 

It is interesting to note that, when q is even, Fq is of characteristic 2, and thus we always have —x — +x, 
so, as a consequence of |1.6Cayley-Dickson for algebrasproposition.l.6| and the form of the conjugation 
resulting from the Cayley-Dickson process, Fq, Fq-a, Fq;a.f3 and Fq-a, p. ■y, and actually any successor in the 
doubling scheme, are commutative and associative (irrespective of the value of a, (3, 7 or their successors), 
and the conjugation at each step is the identity. 



(a/37 7^ 0) 


q odd 


q even 


card(^*) 


q-l 


q-i 


card(i^;) 


q-l 


q-i 


card(i^,*J 


[g + ^2(a) ((z-l)(-l)^] 


q^ -q 


card(i^;.„_^) 


[g3 + (g-l)g] 


q^ - q^ 


card(i^,*„,^,^) 


q» - [q^ + {q-l) q"^] 


q»-q^ 


card(il_Fg) 


2 


1 


card(U_Fg.„ ) 


g-^2(a) (-1)"^ 


q 


card(iiF,,„.^) 


3 

q - q 


q' 


card(iij.,^„„_J 


7 3 
q - q 


q' 
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2.4 Cayley integers 

As announced at the beginning of this section, we consider here A = ~ li/n'Z, with n e N, not 
necessarily prime (but still n ^ 1, of course). We will designate by Win- a etc. what was denoted by Ea etc. 
in the introduction to this section. Elements of these Cayley algebras will be dubbed Cayley integers. 

The situation here is somewhat more complicated than that of l2.3l 

Let n — Y[i=i "-i where the rii G N* are relatively prime, and let 7r„;„. : Z„ —^ Z„. such that if 
X e Z„ and X £ Wi, X € X , then pi„;„;(X) = Y such that if y & Wi, y € Y then y = xmodiii. The Chi- 
nese Remainder Theorem informs us that, as algebras with unit over A = S„, S„ and Z„j X • • • X S„j. 
are isomorphic, via 7r„ : K„ — > W^ni X ••• X Wjn^'jX (7r„.„j (z), . . . , 7r„;„^ (a;)). By using the identity 
on Z and the as conjugations, Z„ and the are Cayley algebras on the same ring A = Z„, 
the 7r„:„. are Cayley epimorphisms. |1.1A fundamental shortcomingthcoreni.l.l| now informs us that, us- 
ing the identity on Z„j X • • • X as conjugations, X • • • X is also a Cayley algebra over A = 
TLn- In fact we see that Z„j X • • • X K„j. is Cayley-isomorphic to TL (it is isomorphic as an algebra with 
unit by the Chinese remainder theorem, and the conjugation is the identity on both sides). Therefore, 
|1.3Cayley-Dickson for morphisms, and consequcncestheorem.l.3] proves that, given a G Z„, Z„j;c[X- • •XZ„j.;q, 
is a Cayley algebra which is Cayley-isomorphic with the result of applying the Cayley-Dickson procedure to 
TLni X- ■ -XZnj. using a, i.e. Cayley-isomorphic to Z„;q., as detailed in |1.3Cayley-Dickson for morphisms, and consequencestheo 
(in somewhat more details: to {x,y) e Z„;q we associate ((7r„;„^ (x), 7r„;„^ (y)), . . . , (7r„:„j^ (a;), 7r„:„^ (j/))) e 
^ni;a X • • • X Wjn^-a)- Wc cau iterate the above reasoning, and we find that K„j;a,^ X • • • X 'Znk-a,f3 (respectively 



ni ;a,/3,7 



X • • • X 'Eni^;a,i3,'y), IS a Caylcy algebra isomorphic to 'Zin;a.j3 (respectively Z„;q,^^^), in a way similar 



to that detailed above. 

Using the above isomorphisms we see that an elements of Z„ (respectively Z„ 
vertible if and only if 7r„.„. (x) (respectively 7r^.„. (x), tt".'^. (x), 7r".'^:^(a;), where tt"., 
the Cayley-Dickson procedure to 7r„.„. using a, etc. 



is invcrtiblc for all i. Therefore 

r r77 ^ T rji^ T 



) is equipotent to Jl^^i Z,*^ (respectively n,=i V^^=l ^n.;a,/3' 

a similar statement for unimodulars by noting that 7r„(l) = (1, . . . , 1). In short: 



7 ^n:a,/3i ^n;a,/3,7) IS in- 

is the result of applying 
(respectively 

^: ,a,/3,7)- We find 



card(Z:) =ncard(Z:j 
1=1 

k 

card(K:.J = ncard(K;^J; 

i=l 

card(K;.„_^) = nc^^d(^n.;a,/3) 

i=l 

card(K;.„_^^^) = ^c'ayA{TLI^.^^^^^^) 



card(iiz„ ) = ]J card(ila„^ ) 

i=l 

fc 

card(ilz„,„) = ncard(ilK„..^) 

1=1 
fc 

card(ilz„.„^) = ]^card(ila„..^^) 

i=l 

fe 

card(itz„,^,3^^) = J|card(llz.„..^_^_^) 



i=l 



1=1 



A last touch is to notice that the number of invertible (or unimodular) elements in K„.;q, (ete.) seen as 
a Cayley algebra over Z„ is the same as when seen as a Cayley algebra over TLm ■ 

Finally, to compute the cardinals of interest to us in this segment, we simply have to do so for integers 
of the form n = p'^, with p prime and s ^ 1. 

If s = 1, then we are face to a special case of the Cayley-Galois constructs we have just studied. 

The elements of Wips which are not invertible, are, as is well-known, exactly those of the form x = kp, for 
some integer fc, where a represents the congruence class of the integer a modulo p'*, a convention we will use 
throughout this segment (and not to be confused with the notation for the conjugation). Hence there are 
p''"^ elements which are not invertible, and thus card(Z*s) = card(j2/*) = p**^^ {p — 1). 

Assume p 2. We will further assume, for brevity's sake, that a S /3 g 7 € 1i*s. 

Let us first determine the number of invertible elements. As we will see, finding the number of unimodulars 
will use essentially the same techniques. 

More to the point, we will determine the number of elements which are not invertible, and assume s > 1. 
|1 .4Cayley Algebraproposition. l'!4| informs us that an elements of (respectively Zps;a, 'Zps-a,0, '^p'-.a.p,^) 
is not invertible if and only if its Cayley norm is not invertible in jz/, which here is Cayley-isomorphic to . 
Taking into account the expression of the Cayley norm on Kps.^ etc. given at the beginning of this section. 
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we see that finding the non-invertible element of TLps-^a amounts to finding couples etc. of elements of TLps 
such that Xi + etc. is not invertible in . As an element Xi g is completely characterized by the 
integer Xi e {0, . . . — 1} such that Xi € Xi, we are (unsurprisingly) led to solving a congruence equation 
in K. We will find it convenient to write Xi in the basis p, so that Xi = Xi-op*^ + Xi-ip^ + • • • + Xi-s~ip'^~^ . 

Finding the non-invertible elements of Wips-a, for instance, is therefore equivalent to finding all the 
(a;i;o, ■ • • , a;i;s-i, a;2;0j • ■ ■ tX2;s~i) & S^*' such that there exists k £7L such that 

{xi.Qp"^ + xi,ip^ + ■ ■ ■ + xi,s-ip''^f + {aop° + aip^ + ■ ■ ■ + as-ip'~^){x2-,oP° + X2-,iP^ + ■ ■ ■ + X2-,^^^ 

= kpmodp" 

Solving this kind of equation is classical and elementary f 

In the case of Wips-a it is even especially simple, as we see that in that particular case our equation is 
equivalent to xf.Q + ai)x\.Q = Omodp, which we have already solved in l2.3l 

In brief, there are p+ (jf^ (P ^ 1) (^1)^^ possible choices for (a;i;o, a;2;o), with denoting the 

Legendre symbol of x with respect to p, and p choices for every other variables. Hence card(Z*a.„) = 

In the case of Tipe-a,p (and 'Zps-a.p^-y), the method is identical, and the results arc summarized in the 
table below. 

Let us now turn to the case of the unimodulars. By definition, this means we look for the elements for 
which the Cayley norm is equal to I € Wips . 

let us first determine the number of unimodulars in Zps . By the same token as above, we are led to solve 
the equation 

{xi,oP° + xi-ip^ + ■■■ + xi.^s-ip"^'^)^ = Imodp" (U) 
This is of course equivalent to the following expanded equation 

xuk xuj^k = 1 modp^ (U') 
j=0 \fc=o / 

The first thing we note is that (|U'|I implies 

xl.Q = lmodp^ (U'l) 



If s = 1 these equations are actually equivalent, of course, but otherwise (jU'|l is equivalent to the 
conjunction of itself and ljU'l|) . 

We know fbv lB.1.2|l that the solut ions to ljU'll) are a:i;o = 1 f^nd a:i;o = p— 1, both of which happen to be 
invertible in Kp. If s = 1, we are done, as noted above, otherwise, ljU'll) is a constraint which our solutions 
must verify. 

The second thing we note is that (|U'|) also implies 



[xlo] P° + [2 xi;o xi;i] p^ = 1 mod/ (U'2) 

As above, if s = 2, (|U'|) is equivalent to (|U'2|1 . but even if such is not the casdU'l is equivalent to [ (|U'P 
and ljU'll) and l|U'2p ]. We note also that ljU'll) implies that x^.q = 1 + kop^modp^, for some integer fcg 
dependent only on a:i:o. But this means that [ (jU'll) and (|U'2|l ] is equivalent to the conjunction of (|UTp and 
2xi;oa:i;i = fcomodp^. Since xi-o always is invertible in Zp for the solutions of ljU'p . this implies a single 
possible value for xi-i given a value for xi-q. 

We may iterate this reasoning until we have reached the value of s. At each step save the first, the value 
of xi-i can be seen to be uniquely determined by the values of xi-o, . . . , xi-i-i. Finally, card(il^ps ) = 2. 

We briefly sketch the computation of card(ilK s.^), which is essentially similar to the above, albeit yet 
more computationally unpleasant. card(il^ps.^ ^) and card(il^ps,„ ^ ) appear in the table below. 

To compute that number, we have to solve 

{xi,QP° + xi,iP^ + --- + xi,s-ip'^^f + {aop° + aip^ + --- + as-ip'-'^){x2-,op" + X2aP^ + --- + X2,s-ip'~^f 

= lniodp" (UU) 
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The first step, as above, it to note that IjUUI) is equivalent to the conjunction of itself and 



Xj^.Q + Q!o a;2.o = 1 modp (UUl) 

We have solved this equation too, in 12.31 and we know it has p — (^1)^ solutions, all of which 

evidently differ from (0,0). 

The second step, which is only necessary if s ^ 2, is to see that (|UU(I is equivalent to the conjunction of 
itself, jlJUl] and 

[x\.Q + ao x\.^] p° + [2 xi-fi xi-i + 2ao X2;o X2-i + ai xI.q] = 1 modp^ (UU2) 

Since we know that xf.Q + ag Xj.q = 1 + fcoP^ modp^ for some integer ko dependant only upon xi-o and 
X2;Q, we see that what we actually have to solve is 2 xi-o xi-i + 2ao X2-o X2-i + cxi a^i-o = kg — ai x^.q. Hence 
for each {xi-fl^X2-fl) solution of ljUUl|) there are p choices for (xi^i, a::2;i)- 

We may iterate this reasoning until we have reached the value of s. At each step save the first, there 
are p values of {xi-^i,X2;i) which are uniquely determined by the values of a;i;o, . ■ • , xi-^i-i, X2-fi, . ■ • , X2-,i-i- 

Finally, card(it^^.^ J = p^-^ [p ^ {j) (-1)"^ • 

We now assume p — 2, where things keep getting ugly. We will also assume, for brevity's sake, that 
a g 7L2SJ f3 e ^2=, 7 e ^2^. Note that a € is equivalent to ao = lmod2, and likewise for /? and 7. 
Recall also we have already shown that card(K2s) = 2'^^^. 

We again look for elements of 'Z2=-a s.tc. which are not invertible. As above, we look for them in by 
identifying members of their class in {0, . . . , 2" — 1}, and writing them in base 2. However in this case the 
expansion of the equation is different, precisely because the number 2 which is the base of expansion also is 
a coefficient of elements in the square of a sum! 

For S2=;q, we have to solve 

(a;i.o 20 + xi;i 2^ + - ■ ■ + Xi,s-i 2'-^f + {ao 20 + ai 2^ + -- • + a,_i 2p'-^){x2;o 2" + a;2;i '^^ + ■ ■ ■ + X2;s-i 2'-')' 

= k2 mod 2" 



for all integers k. 

Expanding, we find that this is equivalent to x\.q + a^x^.Q = 0mod2, and we have determined that 
(since we want to consider only a G ^23) ao = 1- Furthermore, we know that [x i—> x'^] is a bijection on 
Z2 = GF(2). Hence there just two solutions for (a^i o, 2^2 0), and 2 solution for every other unknown. Hence 
card(K^.J = 22-i. 

We proceed likewise for Zjs.^ ^ and Zjs.^ ^ ^ and give the relevant values in the table below. 
We now turn to the unimodulars. 

In the case of Z2, the relevant numbers have been computed already in 12. 31 

Since Z22 has just four elements, we list them explicitly and discover that there are exactly 2 unimodulars. 
We note that the Cayley norm of an element of K22 is always either or 1 (and in particular all invertibles 
are unimodular), and never either 2 or 3 (the only remaining possibilities). 

li{x,y) G Z22.Q, we know that (with our above conventions) ^^^a.^ ((^> 2/)) = -^32 (2^) + ('^o + Q^i 2)o/(^^2 (y), 
and we have assumed here that ao = 1. 

Therefore, if ai = the Cayley norm of an element of K22.Q, can only take the value 0, 1 or 2, hence here 
too unimodulars and invertible are the same elements (and so card(ila^2 ) = 8). 

On the other hand, if ai = 1 (the only other possible value), then we have ^^,^2 — 1 and 

^^,^2 1)) — 3 and we see that Z22 C {1,3} C ^1,^2 C ^32 ; we now invoke |1.8Unimodulars and Quadratic ResiduespT 
(more precisely (|P3|) ): card(Z22.Q,) = card(ila ^ ) card($Ha 2. )j which here means 8 = card(ilK 2, ) x 2. 

In a similar way, ^^^2,^,^ ((1, 0, 0, 0)) = 1, so"{l} € ^^^2.'^- "1 = A 0' t^en ^^^2,^,^ ((0,' 1, 1, 1)) = 
3. If ai = and Pi — 1 then yf^^^2 ^((0' 0, 1)) — 3. Finally, if ai = 1 and irrespective of the value of /3i 

^^22.0 13 ^' ^)) ~ ^- ^'^^^ ^"-"^ have 9^^22-0 /] ~ ^22 ■ We reason in just the same way for ^^22-0 n ' 
Assume now that s ^ 3. 

The unimodulars of ^2= are a well-studied topic, and we find, in e.g. |11| . that card(ila2s) = 4 and that 
9^K2s = {a\a G WijQ = 1 mod 8} = {1 + k8\k £ Z}. On the other hand, an element of ^2= is not invertible 
if and only if it is of the form k2, with ^ fc < 2*~^, and these have squares of the form k'^A, and these 
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in turn are all of the form 1 16 (when k is even) or 4 + Z 32 (when k is odd), for some (though perhaps not 
every) integer I. 

Given a G , by considering elements of the form {x, 0) we see that ^H^^,.^ D 9lz2=> • 

Assume ai = a2 — (and still ao = 1). We thus have a = 1 + fca 8 for some integer ka, and this implies, 
as stated above, that a G ■ 

Since D^^j, is a group, there exists Za € O^^^^ such that a x = 1, and by definition of D^^js , there 
exists ya G TL\s such that y\ = Za, and thus a x j/^ = T. By considering elements of the form (x, 2j/a), with 
X e TL\s, we see that ^Ha^s ^ also contains all elements of the form 5 + /cS. 

However, ^H^^,.^ contains no element of the form 3 + fc8or7 + A;8. Indeed, if we look at the four possible 
situations for (x,j/) G TLi'-^a, we see that if a; ^ TL*^s and y ^ TU^s or a; e TL'^s and y G Kjs, then .yf^^,,^ ((x, y)) 
is a multiple of 2 (and (x, y) ^ Zj,.^); if x e Z2«, and y ^%*^, or x ^ and y G then ./l^^s.^ ((x, y)) is 
of the form 1 + A;^ 4 + Z 8 for some integers k and Z, which means that they are of the form i + m8or5 + m8 
for some integer m, according to whether k is even or odd. 

Therefore card($nz;2-„) = icard(Z^,,), and card(ila,,,^ J = 2'''+i. 

Assume now ai = 0, a2 = 1 (and still ao = !)• We thus have a = 5 + fc^ 8 for some integer fc„. 
If s = 3, by listing all the elements explicitly, we see the the Cayley norm can reach the value 5 (and 1, 
of course), but not the values 3 and 7. Hence here card(it^23^) = 2^+^. 
Assume therefore that s ^ 4. 

By using the projection 7r2s 2^-3 : ^2" TLii-z we see that 7r2.5,2'-'' (a) is invertible in TL2'-^ and that we 
can, for any value of t in {0, . . . , 2"^"^ — 1}, solve the equation Z(5 + /cq, 8) = i — /ca mod 2*^'^, yielding It- For 
each Z(, we know that 1 + /t 8 G 9^Z2»;c.' ^^'^ therefore that there exists yt G TL^' such that y| = har \ + It 8. 
But then a x = 5 + f 8, so all elements of the form 5 + 1 8 are reached by the Cayley norm. 

A discussion similar to the above shows that no value of the form 3 + fc8 or 7 + fc8 can be reached by 
the Cayley norm. Threfore, as above, card(il^2s.^) = 2*+^. 

Assume now ai = 1, 02 = (and still ao = 1). We thus have a = 3 + fca 8 for some integer ka- 

We know all values of the form 1 + /c 8 can be reached by the Cayley norm, and by considering elements 
of the form (x, 2) with x G TLi' we see all values of the form 5 + fc 8 can also be reached. If s = 3 we see 
that the values 3 and harl are reached (by (0,1) and (2,1) respectively, for instance). If s > 4, solving 
the congruence equations /(3 + fco, 8) = t — mod 2'*^'^ proves as above that all values of the form 5 + k8 
are reached too. Since ^H^ao t. is a subgroup of we see that we actually have ^H^s^ t. = ^2"- Therefore 
card(ina,.^ J = 2^ 

The final case, ai = 1, ^2 = 1 (and still ao = 1), for which we have have a = 7 + fc^ 8 for some integer 
ka is entirely similar to the above, and we thus find that card(9^a2s.^) = 2". 

We will gloss over the unimodulars of 'Zj2^:a.fjj ^22:a./3,7, '^2^;a,0 and 'Zj23.a,i3,'Y: to find the values we want 
we either investigate the explicit list of the elements or we adapt what follows. We therefore assume s ^ 4. 

If either a = 3 + fc4or/3 = 3 + fc4, by considering elements of the form (x, y, 0, 0) or (x, 0, y, 0) and using 
the methods we have developed above, we see that actually ^H^2S;c.,/3 = ^2<*- Therefore card(![H^2a.^^) = 2^*. 

If both a = 1 + A; 4 and /3 = 1 + Z 4, let « G 22-* and v G ^2^ such that 

[i if/3=l + Z'8 [i ifa = l + fc'8 

|5 if/3=l + Z'8 |5 ifa = l + fc'8 



Then 



'^T.2s.o.B{.{x,y,u,uv)) = x^ + y^+ < 



2 
6 
10 



We can thus see that 3, 7 or 13 is reached, and reasoning as above, 9^Z20c/3 = ^2=- Therefore 
card(lH^,.^„_ J = 23^ 

Since by considering elements of the form (x, y, z, t, 0, 0, 0, 0) the Cayley norm reaches all of Z2S , we can 
immediately see that card(9^z2'>ic.,/3,T) = 
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2.5 Further results 

We collect here some remarks and results about the objects we have studied in this section and relatives 
thereof, which are too few to warrant a section of their own. 



Proposition 2.3: 

Let p be an odd prime, k ^ 1 an integer, q = p^ and a S F* such that ^2(a) = ~1- Then F*.^ is 

cyclic and in particular there is an element of order — 1. Furthermore, if zg is a generator of F*^, then 
^Fg-ai^o) is a generator ofDlpga- ^ 



Proof: Under these hypotheses, Fq-a is the finite field of cardinal g", hence its invertible elements are cyclic. 
Since card(i^*.„) = q^ — 1 this means that there is an element of order q^ — 1. The last assertion is trivial by 
contraposition. $ 

Proposition 2.4: 

Let p be an odd prime, k ^ 1 an integer, q = p^ and a G F* such that ^2(0^) = +1. Then the order 

of any element of G F*.^ divides q — I, and G F*^ is not cyclic; however iipg a cyclic and isomorphic to 

F*. ' ' $ 

Proof: Under these hypotheses, F*^ , iipg.^, and 9^f,.„ are abelian groups, and card(ilFg.„) = card([Hi?^.^ ) = 

g— 1. Therefore, given any (n, m) S card(ilF .„ )Xcard([HF .„ ), {n,u)'^^^ ~ (1, 1), with 1 the neutral clement for 

the multiplication in Fq. The first statement then results from |1.8Unimodulars and Quadratic Residuesproposition.l.8| 

The second statement then results from the fact that q — I < {q — 1)"^ = card(F^*.^). 

Note that ^2(01:) (—1)^ = +1 is equivalent to the existence of uj £ F* such that = —a. Therefore 
{x,y) e ii^F,.Q <J4> + ujy){x — Loy) = e. Let now z = x -\- toy £ F*. We compute immediately that 
{x,y) = 2~^(z + z~^,u}~^{z — z~^)), with 2 = 1 + 1 (which is invertible because q is odd). Better yet, we 
immediately verify that [F* 'iip z 2^^{z + z^^, ui^^{z ~ z^^y)\ is a group isomorphism. $ 
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Appendices 



A Some common and not-so-common algebraic structures 

Algebra is rife with named structures. Unfortunately, authors tend to disagree about what a given name 
refers to precisely (always with good reason, but easily resulting in confusion nonetheless; 53)' ^^^^ for 
the many structures found in most introductory- level material f |15[ ...]), and even for reference material 

I14L [TB| ). This appendix is therefore here to describe, precisely, the meaning we give to various terms 
used in the main text of this document. We have included in this discussion a few other familiar structures 
to serve as "landmarks" , but this is not a comprehensive catalogue of all algebraic structures (not even of 
the most common ones). We will endeavor to follow what we feel is current usage (521)i though we take 
this opportunity to perform a few generalizations. One particular emphasis of this appendix is the careful 
treatment of associativity, in some (again, not all) of its various shades. 

A.l Structures involving only one law 
A. 1.1 A protean foundation: the magma 

Given a set S, an internal law on S (or simply a law on S) is a function / defined on all of S* X S* with 
values in S. A magma is a structure {S, f) where S* is a (perhaps empty) set and / is a law on S. A groupoid 
is a non-empty magma. Given a set T <Z S, li f source-restricted to T X T takes its values in T, we call 
the structure (?", /Ij^xt) ^ suhmagma of {S,f). Given any (non-empty) collection {Ti)i(zj of subsets of S 
such that / source- restricted to Ti X Ti takes its values in Ti for all i e /, if we name U — Hie/ ^^d 
that (J7, f\ijxu) is a submagma of (S*, /) and of every (T^, /l^'^^, ). Therefore, given any (perhaps empty) set 
X d S, Therefore there exist a (perhaps empty) set F C S* such that X CY, [Y, /|yxy) ^ submagma of 
{S, /), and such that if (T, /I^xt) ^ submagma of (5, /) such that X C T, then F C T (in other words, Y 
is the smallest submagma of 5' containing X); we call this the submagma generated by X . Given a collection 
{a)j£j of elements of S", we call the submagma generated by the aj, the submagma generated by {aj\ j G J}. 

A magma {S, f) is monogenic (or cyclic) if and only if there exists some a G S such that the submagma 
generated by a is the whole of S. 

A law f on S is^ alternative if and only if (y x G S){\f y S){\/ z Q S) [{x = y ot x = z or y = z) ^ 
f{f{x, y), z) — f{x, /(y, z)]. If the law of a magma is alternative we say that the magma itself is alternative. 

A law / on is associative if and only if (Vx S <S')(Vy G S){\f z e S) f{f{x,y),z) — f{x,f{y,z)). If the 
law of a magma is associative we say that the magma itself is associative. 

A law / on 5 is power-associative if and only if for each a € S the submagma generated by a is 
associative. If the law of a magma is power-associative we say that the magma itself is power-associative. 
An alternative law (or magma) need not be power-associative^, and a power-associative law (or magma) 
need not be alternative^". 

*This definition generalizes that A definition equivalent to that of |21 involves separating left and right alternativity, and 
fiexibility (though left and right alternativity together imply fiexibility, 1191 
^Consider: 
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In this case, the law is alternative, but the submagma generated by b is the whole of {a, b, c, d} and the law is not associative 
on it because f(b, f{d, c)) = f(b, a) = a ^ c = f(c, c) = f{f{b, d), c), hence the law not power-associative. 
^"Consider: 
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In this case the law is power-associative, as the submagma generated by any element is reduced to that element, but the law 
is not alternative, as for instance /(a, /(a, 6)) = /(a, c) = b ^ c = f{a, b) = f{f{a, a), b). 
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It is perhaps surprising that a monogenic magma need not be power-associative^^! A power-associative 
magma need not be monogenic, of course^^. 

A law / on S" is di- associative if and only if for each couple of (not necessarily distinct) elements of S*, 
fli and 02, the submagma generated by {01,02} is associative. If the law of a magma is di-associative we 
say that the magma itself is di-associative. A di-associative magma is always both alternative and power- 
associative, but an alternative magma need not be di-associative^'^, and a power-associative magma need 
not be di-associative^**. Likewise, an associative magma is always di-associative, but a di-associative magma 
need not be associative*^. 

Given a law / on S", an ei € 5 is a left identity element for the law / if and only if (Vx e S) f{e\, x) = x] 
and an Ct € iS* is a right identity element for the law / if and only if (Vx € S) f{x,e^) = x. An e G 5 is 
an identity element (or neutral element) for the law / if and only if it is both a left identity element for / 
and a right identity element for /. A neutral element is necessarily unique. A neutral element is frequently 
called a "unit" for the law, but we will not use this terminology here due as this would conflict with other 
possible meanings of this word. A magma with unit is a magma whose law has a neutral element. 

A law / on 5 is commutative if and only if (Vx € S')(Vy G S) f{x, y) — f{y, x). If the law of a magma 
is commutative we say that the magma itself is commutative. 

Given two magmas {S, f) and (5',/'), a magma (homo)morphism is a function : — s- S" such that 
(i{x,y) e 5*^) 9{f{x,y)) = f'{9{x),9{y)). If (5,/) and (S",/') are magmas with units, whose neutral 
elements are respectively e and e', then a function 9 : S S' is a (homo)morphism of magmas with unit if 
and only if it is a magma morphism and 9(e) = e' . A surjective morphism is called an epimorphism, and an 
injective one is called a monomorphism. An endomorphism is a morphism from one set to itself. A function 
: 5 — *■ S" is an isomorphism if and only if it is a homomorphism, it is bijective and the reciprocal function 
9^^ : S" — > S" is a homomorphism. An automorphism is an isomorphism from one set to itself. 

If / is a set and (5*^, fi)i^i is a (non-empty) family of magmas, we define a magma structure on the product 
set S by f : S X S; {{xi)i^i, {x[)i^i) 1-^ {fi{xi,x'j))i^i. If all the magmas in the family are commutative 



^'^CH gives the following example: 
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In this case e generates the magma (a loop, actually, sec further on for the definition), but /(c, /(c, c)) = /(c, 
/(d, c) = fU{c,c),c). 

^^As the example in footnote llUl attests. 
Consider: 



In this case, the law is alternative, but if ai = 6 and 02 
associative, since f(f(b, d),c) = a ^ c = fib, f(d, c)). 
^^Consider: 



d, then the generated submagma is {a, 6, c, d}, which is not 



In this case the law is power-associative, but not di-associative because if ai = a and 02 = c then the submagma generated 
by these two element is the whole of {a, b, c}, and the law is not associative on it (because /(a, /{c, b)) = f{a, a) = a ^ b = 
f{a,b) = f{f{a,c),b)). 

^^consider: 



In this case the law is di-associative, but is not associative because /(a, /(b, c)) = a ^ c = /(/(a, b), c). 
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(respectively power-associative, alternative, di-associative, associative, with unit), then the product magma 
is likewise commutative (respectively power-associative, alternative, di-associative, associative, with unit). 
Even if all the magmas in the family are monogenic, however, the product clearly does not have to be 
monogenic. 



A. 1.2 Strongly associative subsets 

We present this interesting variation on the idea of associativity which we will use later on in this 
appendix. This is essentially a simplified presentation of notions found in 2 . 

Let (S, /) be a magma, and T d S. We will say T is a strongly associative subset of S if and only if 

iy{u,v,w) e 53) [[[{u,v) e T^] or [{u,w) G T^] or [(v^w) G T^]] ^ f{uj{v,w)) = f{f{u,v),w)] 
Notice that is a strongly associative subset of SI 

Before coming to the crux of this segment, let us recall that an ordered set (£',=<;), whose order may 
perhaps only be partial, is said to be inductive if and only if any totally ordered subset of E has a majorant 
in E for ^. The very important Zorn theorem^® then states that every inductive set has maximal elements. 
We can now state the following simple proposition: 

Proposition A.l (Inductivity of the Strongly Associative): 

Let {S, /) be a magma, and S the set of all strongly associative subsets of S; then [S , c) is inductive. $ 

Proof: Let CL S, totally ordered by C, and let U — Uts^ ^^^^ U \s a. majorant of ^ in 3^{S) (the 
set of subsets of S). 

If [/ = 0, then U is strongly associative. 

If ?7 7^ 0, let {u,v,w) e S^. Assume that w e f/, u G [/. Then (3F„ e ^) u € F^, (3F^, e ^) w G F„. 
Since (^, c) is totally ordered by hypothesis, then either Fu <Z F^ oi Fy C Fu, so u ^ Fa and v Q Fa 
with Fa — Fu or Fa = Fy as the case may be. But ^ d § and Fa € so Fa G § ^ and therefore 
/(u, /(u, w)) — f{f{u, v), w). The other possible branches of assumption are dealt with in the same manner. 
Finally U is strongly associative in this case too. $ 



A. 1.3 Beyond the magma 

A quasigroup is a groupoid {S, f) such that for all a e 5 the functions la — [S ^ S ; x f(a,x)] (left 
translation, or multiplication, by a) and Va — [S S ; x t-^ f{x, a)] (right translation, or multiplication, 
by a) are both bijections^^. We define subquasigroups as non-empty submagmas of a quasigroup. An 
intersection of quasigroups may be empty^*, but when it is not, it is a quasigroup, so we may define the 
subquasigroup generated by a (non-empty) subset or a (non-empty) collection of elements. A quasigroup 
is commutative (respectively monogenic, alternative, associative) if, as a magma, it is such. It is power- 
associative, respectively di-associative, if the subquasigroup generated respectively by any one or any two 
(not necessarily distinct) elements is associative. 

A quasigroup {Q,*), even if devoid of a neutral element, is said to have the left inverse property (or 
L.I. P. for short), or to be a L.LP. quasigroup if and only if there exists a bijection J\ : Q —> Q; a i—> 



such that (V a e Q){y x e Q) -k {a* x) 



and is said to have the right inverse property (or R.LP for 



short), or to be a R.LP. quasigroup if and only if there exists a bijection Jp : Q ^ Q;a such that 



Given the axiomatic framework of Zermelo-Frasnkol, the axiom of choice and the theorem of Zorn are actually equivalent. 
^'^Which does not imply the existence of either left or right inverses, or even that of a neutral element! Consider: 



^^ llbl gives the following example: 
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{y a Cz Q){y X (z Q) {x^a)-ka'^ ~ X. A quasigroup which has both the L.I. P. property and the R.I. P. property 
is said to have the inverse property (or LP. for short), or to be an LP. quasigroup. 

A loop is a quasigroup whose law has a neutral element. A quasigroup need not be a loop^^. In a loop 
(L, x) therefore, every element a G L has both a right inverse a"^ and a left inverse a'' (which arc necessarily 
unique), but it may happen^° that there exists b G L such that x (ax b) b or {b x a) x ^ b. We define 
suhloops in a like manner as subquasigroups. Note that one can prove^^ that the neutral element of a loop is 
included in every subloop and is is necessarily identical to that subloop's neutral element. The intersection 
of subloops being a loop, we define likewise the subloop generated by a subset or a collection of elements. A 
loop is commutative (respectively monogenic, alternative, L.LP., R.L.P, LP.) if, as a quasigroup, it is such. 
It is power-associative, respectively di- associative, if the subloop generated respectively by any one or any 
two (not necessarily distinct) elements is associative. 

Note that in an LP. loop, Jx = Jp, and therefore every element has an inverse. 

Given a loop {L, x), the following properties are equivalent (Uiij): 



{y X G L){y y £ L){y z G L) {x X y) X (z X x) ~ [x X {y X z)] x x 
{y X G L){y y £ L){y z G L) {x X y) X {z X x) = X X [{y X z) X x] 
[y X <E L){y y £ L){y z £ L) [x X {z X x)] X y ~ X X [z x [x x y)] 
[y X <E L){y y £ L){y z £ L) [{x X z) X x] X y = X X [z x [x x y)] 
(y X £ L)(y y £ L)(y z £ L) [{y X x) X z] X X = y X [x X (z X x)] 



(Ml) 
(M2) 
(M3) 
(M4) 
(M5) 



Any loop which verifies one (and therefore all) of the above properties is called a Moufang loop. A 
Moufang loop is commutative (respectively monogenic) if, as a loop, it is such. We define suh-Moufang loops 
in a like manner as subloops. Any subloop of a Moufang loop is also a Moufang loop. 

A Moufang loop always is f |16[ Theorem IV. 1.4 and Corollary IV. 2. 9]) a di-associative LP. loop (which 
is equivalent to saying that all subloops generated by any two, not necessarily distinct, elements always is a 
group; this is a corollary of Moufang's Theorem). 

A monoid is a magma with unit for which the law / is associative. A monoid is commutative (respectively 
monogenic) if it is commutative (respectively monogenic) as a magma. A monoid need not be a quasigroup^^, 
hence need not be a loop, and a quasigroup need not be a monoid^'^; a loop, even a Moufang loop, need not 
be associative^'', hence need not be a monoid either. 



'Consider: 



^|16| gives the following example: 
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: X, but /(/(c, d), d) c and /(c, /(c, d}) ^ d. 



In this case (Vx £ L) = 

^^Let (L, x) be a loop with neutral element e, and (H, x) be a subloop. Then there exists a £ H such that a X a 
as H (Z L, a a L and axa = a = a><.e. 



a, but 



Consider: 



a 



cL C cl 3f 

babe 
c a c c 

^^See the example in footnote ll7l which is not even alternative. 

^*The multiplication of the classical octonions is an example of this; see also f 1161 page 89] for a reference to the smallest 



possible example of a non-associative Moufang loop. 
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A group is a monoid in which every element has an inverse. One can prove (fTBI) that being a group is 
equivalent to being a quasigroup whose law is associative, or a loop whose law is associative, or a Moufang 
loop whose law is associative^^. We define subgroups in a like manner as submagmas. As with loops, groups 
and subgroups share their neutral element. A group is commutative (respectively monogenic) if, as a monoid, 
it is such. A commutative group is also called an abelian group. 

Morphisms (including isomorphims, etc.) of quasigroups, loops, monoids and groups are simply mor- 
phisms for the underlying magma (or magma with unit). While these notions are quite interesting for groups, 
they are not so for poorer structures (a quasigroup can perfectly be homomorphic to something which is not 
a quasigroup, and a loop can be homomorphic to something which is not a loop, see (161 page 28]), and are 
too strict a tool to be very useful in classifying these later (a better tool for this is isotopism; see jlSi). 

A. 1.4 Derivation graph for one law 

We present here a graph representing the "is-a" relationship for some of the most important structures in 
this first part of the appendix. We have abbreviated "power-associative magma" into "P.-A. Magma" , "di- 
associative magma" into "Di-A. Magma", "alternative magma" into "Alt. Magma", "associative magma" 
into "Ass. Magma", "magma with unit" into "Magma w. U." etc.. 




Moufang Loop Monoid 




Group 



However, since a loop, even a Moufang loop, needs not be associative, it needs not be a group; see footnote 1241 
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A. 1.5 A festival of pitfalls: powers (or multiples) of an element 

We will now take an interlude with an eye towards applications (however remote). Several successful 
methods in cryptography involve taking powers (or multiples) of an element belonging to rather rich struc- 
tures, groups at the least, usually commutative f|21|'). One can't help but wonder what can be salvaged 
of these methods in far poorer settings. Of course, the crux of these techniques usually is a variation on 
Fermat's little theorem, and we will not investigate this here, but the simple idea of taking powers bears 
some investigating. 

Given any magma (S,f), for any a (z S and any non-zero integer n, we define a" by induction, i.e., 

= 1, and having defined for some non-zero integer p, we define a^"*"^ = /(a, a^) — f{aP, a). 

While this is a perfectly reasonable definition, which might even be useful in some contexts, without any 
additional constraints on the magma there not much that can be proved about these objects. For instance, 
we might want to have the same values if we repeatedly multiply on the right by a rather than multiply 
on the left as we have done. Unfortunately, without any assumption of commutativity or associativy, in 
whatever form, it may happen that this is not the case^^. 

Commutativity will avoid this complication, but we will in this document consider very interesting cases 
which are not commutative. Furthermore, commutativity on its own will not be sufficient to insure some 
nice properties such as: 

(Vn e N - {0})(Vm e N - {0}) a"+'" = /(a", a") = /(a", a") (A) 

which some forms of associativity will provide. 

Alternativity is a rather poor choice for a shade of associativity, as then 10 is true if m is a power of 2 
(as can be proved by induction), but may otherwise faiP^. A power- associative magma, on the other hand 
does verify for every element. 

If the magma under consideration is not only power-associative, but is also with unit, with neutral 
element e, we define — e, in addition to the above, and now have an improvement over 

(Vn e N)(Vm e N) o"+" = /(a", a") = /(a"\o") (A') 

If, in addition, the element a happens to have an inverse a, we define for any integer n, a^" as a". 
Unfortunately, if the magma is no more than power-associative, it may happen^* that /(a~^,a^) 7^ a. If, 
however, the magma is actually di-associative, or is a power-associative loop (which is more constraining 
than being power-associative as a magma), then we can improve upon ljA'|) : 

(Vn e Z)(Vm e Z) a"+™ = /(a", a™) = /(a"\ a") (A") 

■^^ Consider: 
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In this case = f{a, a) = h and a? = f{a, b) = f(a, f{a, a)) = c ^ a = f(b, a) = f{f{a, a), a). 
^'^Consider: 
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In this case, = a, o? = b, a? = c, = d, = e, but = e ^ d = f{a?,a?), so iXl does not hold here for m = 3. 
Consider: 
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In this case, the law is power-associative, has a unit, a, but the element b has an inverse, d, while f{b ^ , fe^) = /(d, c) = a ^ b. 
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We may want to investigate what can be said for products of powers of two elements which may not be 
inverses of each other. More precisely, even if the magma is without unit, we would like to have the following 
property: 

(Vn e N - {0})(Vm e N - {0})(Vp G N - {0})(Vg G N - {0}) 

/(a"+", 6^+") = /(a", /(a", = /(/(a"+'", 6^ ), 5") (B) 

If the magma is di-associative, then indeed, we do have Furthermore, if the magma also has a unit 
we can extend into: 

(Vn e N)(Vm e N)(Vp € N)(Vg G N) /(a"+™, 6^+") = /(a", /(a", = /(/(a"+", 6^ ), 5«) (B') 

About the best we can hope for, if the magma has a unit and a and b have inverses would be: 

(Vn G Z)(Vm G Z)(Vp G Z)(Vg G Z) /(a"+",6f+«) = /(a™, /(a", 6^+^)) = /(/(a"+"\ fo^'), 5«) (B") 

As one might come to expect, if the only shade of associativity which can be mustered is di- associativity, 
this might faiP^. There are, however, very interesting cases where (|B"ll is true without imposing (full) 
associativity (which is of course enough to guaranty 

Proposition A. 2: 

// {S, /) is a di-associative magma with unit, and if S is finite, then \B "|) holds for every a and b which have 
inverses. $ 

Proof: Let e be the neutral element of {S, /), and let a G having a^^ as inverse. Since we have assumed 
(5, /) to be di-associative, we immediately see that the sub-magma generated by a and a^^ is actually a 
group, and since it is a subset of S which is finite, it is a finite group. Hence (3no G N) = a"", and 
reduces to $ 

It is also worth mentioning, irrespective of whether S is finite or not, that l)B"|l holds if {S, f) is a di- 
associative loop (which is a more stringent condition than being di-associative as a magma), in particular a 
Moufang loop. 



A. 2 Structures involving more than one law 
A. 2.1 Familiar structures 

A ring is a structure (A, x) such that {A,-\-) is a commutative group (whose neutral element we 
will write 0), and that the multiplication (the law "x") is distributive over the addition'^". A ring is said 
to be with unit (respectively commutative, monogenic, power- associative, alternative, associative) if and 
only if the multiplication is with unit (respectively commutative, monogenic, power-associative, alternative, 
associative). As we will see later on, if the multiplication is alternative, it will turn out to be di-associative 
as well, contrary to what happens for magmas (in other words, not all magma laws are fit to play the role 
of multiplication in rings). Of course, di-associative multiplications are still alternative! 

Given two rings {A, +, x) and [B, f , *), a ring (homo)marphism is a function 9 : A B such that it is a 
group morphism from {A, +) to {B, f ), and a magma morphism from [A, x) to {B, *). li A and B arc with 
unit, whose neutral elements are respectively e and e, then a morphism of ring with unit is a morphism of 
rings such that 9[e) = e. We define, epi-, mono-, endo-, iso- and automorphisms for rings as we have for the 
other structures, from ring homomorphisms. 

29 Consider the set S = {2P\p e 'Z}U{3i\q G Z}U{5''|r e along with the following law 'V: 2P*2p' = 2P+p', 3«7ir3«' = 3«+«', 
+ 5^' = 5'"+^', 2P *3'2 = 39 *2P = 5P+1, 2P *5'' = S"" *2P = 5*'+'", 3'' * 5'' = 5'' * 3« = 5«+''. 

One verifies that (5,*) is indeed di-associative, has a neutral element (1), and that every element has inverses: an element of 
the form 2P has 2~P for only inverse, an element of the form 3'' has 3~' for only inverse, and an element of the form 5'' have 
exactly three inverses {2~^ , and S""") if r ^ (if r = 0, of course it only has 1 for inverse). 

We now see that 2'^ * (2+1*3+1) = 2-^*5'^ = 5+^ ^ 3+^ = (2"! -k2+^)*3+^. 

^^Which means that (Vx G A)(Vy G A)(y z G A) [{x -\- y) x z = (x x z) -\- (y x z) and z x (x -\- y) = (z x x) -ir (z x y)] 
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Note that if A is a ring with unit, whose neutral element we will write 1a, then 1a ^ 4^ A ^ {0}. 
Given a ring with unit A with at least two elements, we will denote by A* the set of elements of A which 
have an inverse (for the multiplication in A); of course A* C A — {0} but the inclusion may be strict. The 
elements of A* are also (very unfortunately) called the units of A. The magma with unit {A*, x), has a 
rather poor structure in general, but when A is associative, it is a group ('|14)'): when A is only alternative, 
it is a Moufang loop ([S]; we will show a special case of this result in this document). 

Given a ring {A, +, x) and a T C A, we will say that T is a suhring if and only if (T, +) is a subgroup 
of (j4, +), and T is stable for the multiphcation of A {i.e. (y{x,y) e T^) x x y <E T). If (A, +, x) is a ring 
with unit, whose neutral element for "x" we will denote by e, then T will be said to be a .suhring of a ring 
with unit if and only if it is a subring and furthermore that e G T^^. 

A semifield is a structure {K, +, x) which is a ring with unit such that, writing K* = K — {0} (with 
being the neutral clement for the addition, i.e. the law +), (if*, x) is a loop, whose neutral clement which 
we will call Ik verifies ^ Ik- A semifield is commutative (respectively monogenic, power-associative, 
alternative, associative) if it is such as a ring. 

A field \s^^ an associative semifield. Denoting by F* the set of elements of F which have an inverse 
(for the multiplication in F) we therefore have F* = F — {0}; {F* , x) is a group. A field is said to be 
commutative (respectively monogenic) if, as a semifield, it is such. 

Morphisms for semifields and fields are those of the underlying rings. 

Given an associative and commutative ring with unit A, whose neutral element we will denote by 1a, 
a module over A (also called an A-module) is a structure (M, +, •) where [M, +) is a commutative group, 
and such that the function (called an external law) "•" is defined on all of AX M with values in M, is 
distributive both on the addition in A and the addition in M, and verify (Va: € M) 1a ■ x — x and 
(Va; e M)(Va S A)(V/3 e A) a ■ {f3 ■ x) ^ {a . P) ■ x. 

Given an associative ring with unit (A, +,.), an A-module (M, +, •) and a T C M, we will say T 
is a submodule if and only if (T, +) is a subgroup of (M, +), and T is stable for the exterior law [i.e. 
(Va e A)(yx eT)a-xeT). 

A vector space is a module over a commutative field. A sub-vector space is a submodule over a commu- 
tative field. 

Given two modules (M, -|-, .) and {N, f , •) over the same commutative ring A, a module (homo)morphism 
is a function 9 : M ^ N such that it is a group homomorphism from {M,-\-) to [N,]), and such that 
(Va e A)(Vr7i g M) 6{a.m) — a • d{m). Morphisms for vector fields are those of the underlying module. 
The usual morphism declinations apply here as well. 

Given a commutative and associative ring with unit {A, .), an algebra over A (also called an A-algehra) 
is a structure {E,-\-, x,-) where {E,-\-,-) is an A-module^'^, and the law "x" (the multiplication) E is A- 
bilinear, i.e. it is distributive over and (Va G A)(y (i £ A){\f x G E){Wy e E) (a ■ x) x (/3 • y) = 
(a./3) • (x X y). An algebra with unit is an algebra whose multiplication has a neutral element. In particular, 
an algebra is a ring, and an algebra with unit is a ring with unit. An algebra is said to be commutative 
(respectively power- associative, alternative, associative) if and only if the multiplication is commutative 
(respectively power-associative, alternative, associative). 

Given an associative ring with unit {A, .), an A-algebra {E, +,x,-) and a T C E, we will say T is 
a sub-algebra if and only if (T, -f,-) is a submodule of (i?, +,•), and T is stable for "x" {i.e. (V(a;,y) e 
T^) {x X y) G T). If {E, -|-, X, •) is an A-algebra with unit, with neutral element e, T will be a sub-algebra of 
an algebra with unit is and only if is is a sub-algebra of E and e € T. 

If E is an A-algebra with unit, we will also denote by E* the set of elements of E which have an inverse 
(for the multiplication in E); of course E* C E — {0} but the inclusion may be strict. As with rings in 
general, the magma with unit {E*, x) usually has a rather poor structure. 

''^It is well-known that undesirable things may happen otherwise, and that (T, +UxT' ^Itxt) "^^J happen to be a ring with 
unit, without being a "subring of a ring with unit" as per our definition; consider the square matrices of order two on R for A, 
and the matrices of the form ( q {j ) with a; € R for T. 

^^ )14l requires the multiplication to be commutative; we do not, however, in accordance with [2]. 

^^We do not limit ourselves to the case where A is a field, which is the most common situation f 1191 ...]), but which would 
be too restrictive for our needs in this document. 
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If E is an A- algebra with unit, whose neutral element we will denote by e, there is a natural epimorphism 
of rings with unit defined by [A — > i?; a > a • e]. It should be noted that this homomorphism need not be 
injective'^^! 

Given two algebras {E,+, x,-) and (-F, f,*,») over the same ring A, an algebra (homo)morphism is a 
function 6 : E ^ F such that it is a morphism of modules from {E, +, •) to f, •) and a morphism of ring 
from (ii^, +, x) to (F, f,*). If E and F are with unit, a morphism of algebra with unit is a morphism of 
algebra such that it is also a morphism of ring with unit from {E, +, x) to {F, f , *). The usual offshoots of 
the morphism family are dealt with as usual. 

A. 2. 2 Alternative rings 

We recall here some important properties of alternative rings that we need in this document. In particular, 
we present here a rather elementary proof of a classical, which is a special case of a theorem of Bruck and 
Kleinfeld CF"), itself an extension of a result due to Artin, classically known for algebras This is 

mostly for self-sufficiency's sake, but we believe it fits quite well with this appendix' emphasis on shades of 
associativity; it also is an opportunity to remedy what is most likely an unfortunate ellipsis in the presentation 
found in [2]. 

Given a ring {A, +, x) and a function f : A^ ^ A, we will say that / is additive with respect to the i^^ 
variable if and only if: 

(V(a;i, . . .,x^-i,Xi+i, ...,Xn) e yl""^)(Va; G A)(yx' G A) f{xi, . . .,Xi-i,x + x',Xi+i, ...,x„) = 

f {x\ , . . . , Xi — \ , X, XiJf-\ , . . . , X^i) -|- fi^Xi , . . . , Xi—i , X , Xi^\ , . . . , Xji) 

We trivially verify that a function / additive with respect to the i'^ variable takes the value when the 
variable takes the value 0, and that furthermore 

(V(a;i, . . .,Xi^i,Xi+i, . . .,Xn) G A'^^^){yx G A) 

f {X\^ . . . 5X2 — 1, X, Xi-^l , . . . , Xji^ f {-^1 1 ■ ■ ■ 1 •^'i — 1 ; '^Z-t-l ; ■ ■ ■ ; -^n) 

We will say that a function /, additive with respect to each of its variables, is alternated if and only if: 
(Vi e {!,..., n- l})(V(a;i,...,a;„) G [xi = Xi+i => f{xi,...,Xn) =0] 

Let us denote by S„ the group of permutations on {1, . . . , n} and, for a G 6„, by e^ the signature of a. 
We trivially prove that if / is alternated then f{xa-(i), ■ ■ ■ ,a;o-(n)) = £0- /{xi, . . . ,a;„), and that a function is 
alternated if and only if it is zero whenever any two variables have the same value, whether these variables 
are consecutive or not. 

Given any ring [A, +, x), we can always define the alternator by: 

a: A^ ^ A 

{x, y, z) I— > X X {y X z) — {x X y) X z 

and it is always true that the alternator is additive with respect to each variable. It is also always true that: 

(V (p, q, r, s) G A^) a{p x q, r, s) — a{p, q x r,s) + a{p, q,r x s) = p x a{q, r, s) + a{p, q,r) x s (T) 

(which is proved by simply evaluating both sides, and is known as the Teichmiiller identity). 

Another interesting function is the Kleinfeld function (which differ only in sign from the definition in 

?(P, q^r^s) ^qx a{p, r, s) + a{q, r,s) xp- a{p x q, r, s) 

which also is an additive function with respect to each variable. 

The alternator is interesting as we trivially prove that A is alternative if and only if a is alternated, and 
that A is associative if and only if a is the zero function. Likewise, a subset T of ^ is strongly associative 
(regardless of whether A is alternative or not) if and only if 

(V {u, V, w) G A^) [[[{u, v) G T^] or [(u, w) G T^] or [{v, w) G T^]] => a{u, v, w) = 0] 



^''The following example was communicated to me by M. Daniel R. Grayson: A = Wi and E = in this case e is not 

linearly independent on A. 
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and if A is indeed alternative, then T is strongly associative if and only if 



(V(u,w) e T^){yw G A) a{u,v,w) = 

As well we have (0): 
Proposition A. 3: 

// {A, +, x) is alternative then t is alternated. $ 

Proof: We first compute t{s,p, q^r) — px a{s, q, r) + a{p, q,r) x s — a{s x p, q, r). 

Using we find that l{s,p, q, r) — a{p x g, r, s) — o(p, qx r, s) + a{p, q,r x s) — a{s x p, q, r). 

However, writing for {q, r,s,p) we see that a{q x r, s,p) — a{q,r x s,p) + a{q,r, s xp) = qx a(r, s, p) + 
a(g, r, s) x p and since A is alternated, o(r, s,p) — a(p, r, s), so q, r, s) = a{q x r, s,p) — a{p x q, r, s) + 
a{q,r,s x p) ~ a{q,r x s,p). 

Since A is alternative, the associator is alternated, so a{p, qxr, s) ^ a{qxr, s,p), a{p, q, rxs) = a{q, rxs,p) 
and a(s x p, q, r) — a{q, r,s x p) and thus t(s,p, q, r) = —i{p, q, r, s). 

Since the alternator is alternated because the ring is alternative, we have g, r + s, r + s) — g, r, r) = 

q, s,s) — Q and so l{p, q, s, r) — —t{p, q, r, s). 

Finally, (| ^ f 3 ) ^'^'^ (1243) generate the symmetric group of order 4. $ 

The alternator is fundamental for proving the next theorem, which contrasts strongly with the case of 
magmas. 

Theorem A.l (Di-associativity of alternative rings): 

A ring is alternative if and only if it is di-associative, and if and only if all subrings generated by any two 
(not necessarily distinct) elements are associative. A ring with unit is alternative if and only if it is di- 
associative, and if and only if all subrings of a ring with unit generated by any two (not necessarily distinct) 
elements are associative. $ 

We will mostly, but not quite completely, paraphrase the proof in [2], which requires a few lemmas. 
We start with a technical result which shows that the presence of an additional law on which the product 
is distributive imposes some regularity on the product. 

Lemma A.l: 

Let (A, +, x) be any ring, and let (ox the set of all subsets of A which are strongly associative for "x ". Let 
G be a maximal element (for the inclusion) of Sx', then if G ^ 0, (G, +) is a group. $ 

Note that we know there are maximal elements in thanks to [A.lStrongly associative subsetsproposition.A.l| 
and the Zorn theorem. 

Proof: Assume that G 7^ 0. 

Let's first prove that € G. Consider K = GU {0}. Of course G C iiT, so as G is maximal, it is enough 
to prove that K is strongly associative. Let {u, v, w) S A^; if two of the three are in G, then a{u, v, w) = 0, 
because G is strongly associative, and if at least one is zero, then a{u, v,w) ~ as well because the alternator 
is additive with respect to each of its variables. Hence K is strongly additive. 

Let u G G; considering L = G U {— u}, and invoking the additivity of the alternator and the maximality 
of G, we see as well that — u e G. 

Let u G G, V G G; considering M = G U {u + v}, and invoking the additivity of the alternator and the 
maximality of G, we also see that {u + v) G G. $ 

Lemma A. 2: 

Let (A, +, x) be an alternative ring, H a subset of A strongly associative for "x " and F the subring of A 
generated by H ; then F is strongly associative. $ 

Proof: If _F = 0, there is nothing to prove. We therefore assume that F 7^ 0. 

As the subsets of F which are strongly associative for "x" are inductive for set inclusion, by [A.lStrongly associative subset? 
we may consider G the greatest (for set inclusion) strongly associative subset of F which contains H. to 
prove the lemma it therefore suffices to prove that G — F. 
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Using |A.l Alternative ringslemnia.A.l| we know that (G, +) is a group, so all that is left to prove is that 
it is also stable for "x" (as then G will be a subring of A containing H, F is by definition the smallest 
subring of A containing i?, and G C F). 

Let u G G, V G G, and consider L = GU {u x v}. Of course H C L (since H C G), and L C F (as F 
is a ring). Consider x€zL, yCzL, zCzA and a — a{x, y, z). If x £ G and y (z G then a = because G is 
strongly associative. Assume therefore that x = u x v. If we also have y = u x v then a — Q because the 
alternator is alternated. Assume therefore only that y G G. Using (jTJ we find that 

—a — a(x, z, y) — a{u x v, z, y) — o(m, v x z,y) ~ a{u, v,z x y) + a(u, v, z) x y + u x a(v, z, y) 

However, since u E G, v Q G and y E G and G is strongly associative, a(w,z,j/) = 0, a{u,v,z) = 0, 
a(w, v,z X y) — a(w, u, z') — and a(u, v x z,y) = a{u, z", = 0. Hence a = 0. The case where we assume 
X e G and y — ux v is deduced from the above by a{x, y, z) = — a(y, x,z). % 

Lemma A. 3: 

Let {A, +, x) he an alternative ring; for any x G A, the subring generated by x is strongly associative. $ 

Proof: Let H = {x}: H is strongly associative since the alternator is alternated. We conclude by using 
|A.2Alternativc ringslemma.A.2| $ 

Lemma A. 4: 

Let (A, +, x) be an alternative ring, T a subgroup o/(A, +), S a subset ofT, and U the subring generated 
by S. Lf{yx e S)[x xT CT andT X X CT] then TdU. $ 

Proof: Let V ^ {x £ U \ x X T C T a.nd T X X C T}. By hypothesis S CV. Let x e V, y e V and t e T. 

Let P = {x X y) X t. Obviously, P — x x {y x t) — [x x {y x t) — {x x y) x t], which by definition of the 
alternator means that P = xx {yxt) — a{x,y,t), or, as the alternator is alternated, P = xx{yx t) + a{x, t, y), 
which evaluates into P ^ x x (y x t) + x x (t x y) ~ {x x t) x y. 

Since y £ V and t £ T, we have both y x t <E T and t x y £ T. But y x t £ T and x £ V together 
imply X X {y X t) E T, and likewise x x {t x y), {x x t) x y E T. Since (T, +) is a group, this proves that 
{x xy) xt = P eT. 

Considering Q = t x {x x y), we likewise prove that t x [x x y) eT. 

Hence is a subring of A, and since S G V and U is the subring generated by S", then V D U. As 

V D U hy definition, this means that V ^ U, and therefore that x E U)[x x T C T and T x x CT]. 

AsT C U, this means that a fortiori, T xT C T, and so that T is a subring of ^. As S" C T by definition, 
and U is the subring generated hy S, T D U. $ 

Remark: If in |A.4Alternative ringslemma. A.4| T C U then of course T = U ... 
Lemma A. 5: 

Let (j4, +,x) be an alternative ring and X and Y two strongly associative subrings of A. The subring 
generated by X UY is associative. $ 

Proof: Let W be the subring generated hy X UY. 

Consider Z = {z E W \{y x E X){y y E Y) a{x,y,z) = 0}. 

We trivially see that (Z, +) is a group. Since X is strongly associative, we have X <E Z and likewise 

Y d Z. By definition we have Z C W . So W is also the subring generated by Z. 

Let x E X, x' E X, y EY , z E Z. 
Using (HI we find that 

a{x' X X, z, y) — o(x', x x z,y) + <x(x' , x,z x y) = <x(x' , x,z) x y + x' x a{x, z, y) 

but a{x',x,z) = and a{x\x,z x y) — because x E X and x' E X and X is strongly associative, 
a{x,z,y) = —a{x,y,z) — because x E X, y E Y and by definition of Z. As X is a subring of A, 
x" = x' X X E X, so a{x' X x,z,y) = ~a{x" ,y, z) — 0. Hence a{x',y,x x z) = 0. This proves that 
(Vx E X){yz E Z) X X z E Z. 

Using with {p,q,r,s) = {y,z,x,x') we likewise prove that {V x E X){y z E Z) z x x E Z. 

Since the alternator is alternated, Z can also be defined a,s {z E W \ {y x E X)(yy E Y) a{y, x, z) — 0} 
and what we just proved also implies that (Vy G F)(Vz e Z) [y x z E Z and z x y E Z]. 
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Using |A.4Alternative ringslemma.A.4| we conclude that Z = W; also (Vx G X)(y y e Y)iy w G 
W) a{x, y, w) = 0. 

Consider now Z' = {z € W \(y x G X)(\/y G r)(Vw G W) a{z,y,w) = a{x,z,w) = 0}. 

Again, {Z' , +) is trivially a group. We have just seen that (Vy G Y){'^w G W)[z G X =^ a{z, y, w) — 0], 
and as X is strongly associative, (Vx G X){\/w G W)[z G X a(x, z, w) = 0], so X C Z'. Likewise Y C Z'. 
By definition, C W. So is also the subring generated by Z'. 

LetxeX,yeY,y'&Y,weW,ze Z' . 

Using (HI we find that 

a(z X y, y', w) - a(z, y x y', w) + a(z, y, y' x w) = a(z, y,y') x w + z x a(y, y', w) 

but a(z,y,y') = and o(y, y',w) = because F is strongly associative, a{z,y,y' x w) = because is a 
subring and by definition of Z' , and o(z, yxy',w) — Q because K is a subring and by definition of Z' . Hence 
a(z X y,y',w) = 0. 

Using once more, we find that 

a{z X y, ui, x) — a(z, y x w, x) + a(z, y,w x x) = a{z, y,w) x x + z x a(y, w, x) 

but a(y, ui, x) =0 because Z = W, a{z, y,w) = by definition of Z' , a{z, y,wx x) — and o(z, yxw,x) ~ 
because is a subring and by definition of Z' . Hence a{z x y, w, x) = 0. 

These two results prove that (Vy G F)(Vz G Z') z x y G Z'. 

Using again, we find that 

o(y X z, w, y') - a(y, zxw, y') + a(y, z, uj x y') = a(y, z,w) x y' + y x a(z, w, y') 

but a(z,w, y') = and a(y, z,!;;) = by definition of Z', o(y, z,w x y') = because is a subring and 

by definition of Z', and a(y, z x w,y') — because is a subring and Y is strongly associative. Hence 
o(y X z, w, y') — 0. 

Using yet again, we find that 

a(y X z, w, x) — a(y, z x w, x) + a(y, z,w x x) — o(y, z, w) x x + y x a(z, w, x) 

but a(z, w, x) = and a(y, z, = by definition of Z' , a(y, z x w, x) = because is a subring and by 
definition of Z' , and a(y, z x w, x) = because ly is a subring and Z = W. Hence o(y x z, w, x) = 0. 
These two results prove that (Vy G F)(Vz G Z') y x z G Z'. 

As X and Y play symmetrical roles in the definition of Z', we have therefore also proved that (Vx G 
A:)(Vz G Z') [x X z £ Z' and z X X e Z']. 

Using |X 4 Alternative ringslemma.AT4| we conclude that Z' — W; also (Vx G X)(y y G Y)(y v G W){y w G 
W) a{x,v,w) = a{y,v,w) = 0. 

Consider finally Z" = {z G W \{y v G W){yw G W) a{z,v,w) = 0}. 

Once again, is trivially a group. We have also just proved that X C Z" and T C Z". By 

definition, Z" C W. So ly is also the subring generated by Z". 
Let xeX,y£Y,veW,weW,ze Z". 
Using as usual, we find that 

a(x X z, V, w) — a(x, z x v,w) + a(x, z,v x w) — a(x, z,v) x w + x x a(z, v, w) 

but a(z, w, w) = and a(x, z,v) = by definition of Z", and a(x, z, f x w) =0 and a(x, z x u, w) because 
is a subring and because Z' — W. Hence a{x x z, v, w) — 0. Likewise a(y x z, w, w) — 0. 
Using one last time, we find that 

a(z X X, w) — a(z, x x w) + a(z, x,v x w) — a(z, x, x w + z x a(x, w, w) 

but a(x, w, w) = and a(z, x, u) = by definition of Z" , and a(z, x, u x w) = and a(z, x x t;, w) =0 because 
W is a subring and by definition of Z" . Hence a(z x x, v, w) — 0. Likewise a(z x y, w, w) = 0. 

Using |A.4Alternative ringslemma.A.4| we conclude that Z" = W; also (Vu G W){yv G W){yw G 
W) a{u, V, w) = 0, which means that "x" is associative on W. $ 
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Proof (Di-associativity of alternative rings): Let {A,+, x) be an alternative ring. Quite obviously, if 
all subrings generated by any two (not necessarily distinct) elements are associative, then all submagmas 
generated by any two (not necessarily distinct) elements, being subsets of the subrings generated by the 
same two (not necessarily distinct) elements, are associative as well, and we already know that di-associative 
magmas are alternative. It therefore suffices to show that if a ring is alternative, then all subrings generated 
by any two (not necessarily distinct) elements are associative. 

|A.3Alternative ringslemma.A.3| tells us that given x £ A and y £ A, if X is the subring gener- 
ated by X and Y the subring generated by then X and Y are strongly associative subrings. We use 
|A. 5 Alternative ringslcmma.A.5| to conclude that the subring generated by {x,y} is associative. 

If now (A, +, x) is an alternative ring with unit, the same reasoning as above shows that it suffices to 
prove that all subrings of rings with units generated by two (not necessarily distinct) elements are associative. 

Given any two (not necessarily distinct) elements, x and y, of A, we know that the subring generated 
by {a;,?;}, which we will call S*, is associative. But if e is the neutral element for "x", then the subring of a 
ring with unit generated by {a;, is merely S* U K • e (where we have denoted by K • e the integer multiples, 
both positive and negative, of e), which is clearly also associative. $ 

We immediately deduce from that the classical result that an algebra is alternative if and only if it is 
di-assiociative, and if and only if all sub-algebras generated by any two (not necessarily distinct) elements 
are associative, and that an algebra with unit is alternative if and only if it is di-associative and if and 
only if all sub- algebras of algebras with unit, generated by any two (not necessarily distinct) elements are 
associative. 

We close this section with another property we will need (0). 
Proposition A. 4: 

Let [A, +, x) he an alternative ring with unit; then [A, x) verifies 

(V (a;, y, z) g A?) a(x^, z) — x x a{x, y, z) — a(x, y,z) x x (Rl) 
(V (x, y, z) e A^) a{x x y, x, z) ~ o(x, y,z) x x (R2) 
(V (x, y, z) e A^) a{y x x,x, z) = x x a{x, y, z) (R3) 

and also verifies ^M^, \M^, \M$, and |M3)) . $ 

Proof: The ring being alternative, |A.3Alternative ringsproposition. A.3| ensures that 6(x,.t,j/,z) = 0, wich 
is (|Rlll . Likewise t{x,y,x,z) = is (|R2ll and tiv.x.x.z] = is HR3|) . 
For (|M4|) . we compute 

X X [z X {x X y)] — [{x X z) X x] X y = 

{x X [z X (x X y)] — {x X z) X {x X y)} + {{x x z) x {x x y) — [{x x z) x x] x y} ^ 

a{x, z,x X y) + a{x x z, x, y) 

Using im we thus find that x x[z x [x x y)] — [{x x z) x x]x y — a(a;, zx x,y)-\- a{x, z,x) x y + x x a{z, x, y), 
and since the ring is alternative, a{x,z,x) — 0. Furthermore, since the ring is alternative, a{x,z x x,y) = 
— a{z X X, x, y) and we use (|R.2ll (applied to {x, z, y)) to find that x x [z x {x x y)] — [{x x z) x x] x y — 0, 
which is l|M4|l . 

For (|M5|I . we compute 

y X [x X {z X x)] — [{y X x) X z] X x = 

{y X [x X {z X x)] ~ (y X x) X {z X x)} + {{y x x) x {z x x) 

For (|M1(I . we compute 

{x X y) X (z X x) — [x X {y X z)] x x = 

{{x X y) X {z X x) — [{x X y) X z] X x} + {[{x x y) x z] x x — [x x (y x z)] x x} = 

a{x X y, z, x) — a{x, y,z) x x 

(jM2|l and (|M3|I are dealt with in a similar way. $ 



— [(y X a;) X z] X a;} = 

a(y, a;, z X a;) + a{y x x, z, x) 
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A. 2. 3 Derivation graph for several laws 

We present here a graph representing the "is-a" relationship for some of the most important structures in 
this second part of the appendix. We have used abbreviations akin to those of lA. 1.41 fie. "P.-A." stands for 
"Power- Associative" , "Alt." stands for "Alternative", "Ass." stands for "Associative" and "w. U." stands 
for "with Unit"). 



Ring w. U 



Semi-Field 



P.-A. Ring w. U 



P.-A. Semi-Field 



Alt. Ring w. U. 



Alt. Semi-Field 



Ass. Ring w. U 



Field 



Ring 



Module 




Algebra w. U. 



P.-A. Algebra w. U. 



Alt. Algebra w. U. 



Ass. Algebra w. U. 
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B A brief reminder about Gauss and Jacobi sums 



We spell out here what is briefly outlined in [51 page 147]. 

B.l Basic definitions and results 

B.l.l Multiplicative characters 

Let p be a prime number, fc ^ 1 an integer, q = and F = GF((7) the finite field of cardinal g; as usual 
F* ^ F — {0}, and we will denote hy Ip the neutral element for the multiplication in F. Recall that F is 
of characteristic p. 

A multiplicative character on F is a function x : F* ^ (D* such that (V (a, 6) E F*^) x(a • b) — x('^)x(^)- 
The character ep ■ [F* (D*,a 1] is extended to all of F as epiO) = 1, and any character % ^ cf is 
extended to all of F as x(0) = 0. Therefore, (V (a, b) G F^) [x(a • b) = xia)x{b) and ep{a ■ b) = ep{a)ep{b)]. 

One then proves (as an analogue to [51 proposition 8.1.1]) that if x is a multiplicative character then 
x(1f) = 1, and given a S F* , x(a) is a (g — I)"' root of unity and x(a^^) — xl*^)" — xi^)- 

Furthermore (mirroring ^ proposition 8.1.2]), given a multiplicative character x, we have: 



We also verify that, as in [51 proposition 8.1.3], the group of multiplicative characters is cyclic of cardinal 
q — 1, and that for any a E F* there is a multiplicative character x such that xi*^) li with the same 
corollary that if a e F* and a ^ If then ExGmuitipiicativo characters of f x(a) = 0. 

B.l. 2 The = a equation in GF{q) 

As well, one sees that (just like in proposition 7.1.2]), given a G F*, the equation a;" = a has solutions 
in F if and only if a^~d~ = If, with d = PGCD(n, q — 1) (i.e. d is the smallest common multiple of n and 
q — 1), and if there are solutions, then there are exactly d solutions. 

From that, one deduces (as [51 proposition 8.1.4]) that given a & F* and n\{q—l) {i.e. a n which divides 
q — 1), if a:" = a is not solvable in F*, then there exists a multiplicative character character x such that 
X" = ep and x(a) ^ 1. 

This, of course, leads to the result (corresponding to [HI proposition 8.1.5]) that the number of solutions 
of the equation = a in F, which we will write N{x" = a), is given by N{x^ — a) — X]x"=eF x{(^)i if 



B.1.3 Galois trace 

Recall that given p a prime number and /c ^ 1 an integer, then GF(p) is isomorphic, through some 
isomorphism Jfp^^ : GF(p) GY{p^), to the subfield of G¥{p^) defined by {a £ GF{p'^) \ aP = a}. 



Recall that GF(p'°) is an algebra over GF(p), and that ti-pk is a surjective GF(p)-linear operator. 



^^The unfortunate verbosity is to ensure there is no confusion with the Cayley trace, as we will be using both notions in this 
document. 




"1(9-1). 
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B.2 Gauss sums 



Let us define in this appendix, for convenience's sake, (^p = e~ . Since, given a e TLj-pTL and a e a then 
(V e a) Cp = Cp J we can unambiguously define C° as the common value of Cp for all a e /3. Wc can therefor 
(identifying GF(p) with TL/pl) define the function 



V': F 
a 



(D 

^tr(a) 



The salient properties of V' are that (V(a,/?) S F"^) ^{a + /?) = ^{a)'ip{/3), {3ao € -F) ?/'(ao) 7^ 1, and 
X^qgf V'(a) = 0. Another crucial property is: 



(? if /3 = 
otherwise. 



We finally define gaix) — X]/3gf • P) to be a Gauss sum belonging to the character x (and 
relative to an a S F). We will also define g{x) = 91f{x)- 

One can then prove (as for [3 proposition 8.2.1]) that ga{x} takes the following values: 





a = 


a 7^ 


X = ^F 


q 





X 7^ 





X(a""^)5(x) 



As well (mirroring [HI proposition 8.2.2]), g{x ^) = .9(x) ~ x(^lF)ff(x) and if furthermore X 7^ C-F then 
5(x) ff(x^^) = x(-1f) q, which together imply that \g{x)\ = V?- 

B.3 Jacobi sums 

Given t (at least two) multiplicative characters on _F = GF(q), xi, ^2, • • . , X^? the Jacobi sums of these 
characters are defined to be: 



J{Xi,X2,---,Xi) = X! Xi(*i)X2(i2) • ■ -xK^^) 
Mxi,X2,---,Xi) ^ X! Xi{ti)x2{t2) ■ ■ ■ Xeite) 



ti+t2---+te=0 

Additionally we will define J(x) = If for any multiplicative character x- 

The Jacobi sums verify the following properties (rewriting of ^ proposition 8.5.1, theorem 3, corollary 1 
and corollary 2]): 

if (Xi, • ■ • , Xt-i) = (ef, • . • , ef) then 

Ji^Fi^F, ■ ■ ■ , Cf) — Joi^F, EF, ■ • • , Ef) ~ q^^^ 

else {i.e.: (xi, • ■ • , Xt-i) (^f, • ■ • , ef)) 

if Xi = fiF or X2 = ef or . . . or X£ cf then 

J{^F, ef, ■ • • , ef) = Joi^F, cf, ■ ■ • , ef) = 
else {i.e.: xi 7^ ^f and X2 7^ cf and . . . and xe 7^ ef) 
if X1X2 • • • Xf = fF then 

jQ{eF,£F, . . . ,eF) = (<7 - 1) X£(-1f) J(xi, X2, • ■ ■,Xi-i) 
J{Xi,X2, • • • ,X£) = -Xi?(-lF) J{xi,X2, ■ ■ ■,Xe-i) 
9{xi)9{x2) ■ --gixi) ^qxe{-iF) J{xi,X2, ■ ■ • ,X^-i) 

else 

Jo{€f, cf, ■ • ■ , ef) = 

S'(Xi)ff(X2) • --gixe) = 5(XiX2 ■■■Xi) Jixi,X2, ■■■,Xi) 
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C Cayley algebra versus Quadratic algebra and others 



There are unfortunately several rather different meanings to the term "quadratic algebra" . 

One of these 1221 IS]*) is to say that every x in the algebra with unit E (with neutral element e) over 
the commutative and associative ring with unit A, satisfies an equation of the form x'^ — t{x)x + n{x)e — 
for some t{x) G A and n{x) S A. For this meaning of the term "quadratic algebra", all Cayley algebras are 
quadratic algebras. 

Another meaning to the term "quadratic algebra" is found in [5]. For this other meaning of "quadratic 
algebra" however, the main thing to keep in mind is that these two kinds of structure, while related, and 
sometimes overlapping (some algebras are both quadratic algebras and Cayley algebras), are different things. 
We will highlight here some of the similarities and difference between them. 

Let (A, +,.) be an associative and commutative ring with unit, whose neutral element we will denote 
by 1a- An A-algebra (£',+, x,-) is a quadratic algebra over A if and only if it admits, as an A-module, a 
generating'^^ family (61,62) such that the multiplication ("x") verifies 

el = 61 

61 X 62 = 62 X 61 62 

62 = a • 61 + /9 • 62 

for some {a, (3) G A'^, and we then say the quadratic algebra is of type {a, (3), though this is not an intrinsic 
property of the algebra, i.e. the algebra can happen^"^ to also be of type (a', /3') with {a', (3') ^ (a, f3) (using 
another family). 

As such, quadratic algebras are necessarily commutative, associative and with unit (with neutral element 
61), and this is of course not true of every Cayley algebra (take the classical quaternions or octonions for 
instance) which means there are structures which are Cayley algebra but are not quadratic algebras (as 
we give examples of below,). As well, this also means any quadratic A-algebra can be made into a Cayley 
algebra, over itself if perhaps not over A, by using the identity as conjugation. 

It is worth noting that if one makes a Cayley algebra out of an associative and commutative ring with 
unit A, considering it as an algebra over itself and using the identity as conjugation, then applying the 
Cayley-Dickson process with a constant (, then one gets a structure which is both a Cayley algebra and a 
quadratic algebra of type 0), when considering the basis ((1^, 0), (0, 1a)), of A"^ over A. Of course, then 
the conjugation over A^ is usually no longer the identity^^ and reiterating the Cayley-Dickson process over 
this new structure yields another Cayley algebra which is usually not a quadratic algebra over either A or 
A^ (this is the case with A = IR yielding first (D and then H, for instance). 

Like Cayley algebras, quadratic algebras have a "natural" doubling process, which, of course, produces 
structures which always are quadratic algebras, but are usually not Cayley algebras. If {A, +, .) is an 
associative and commutative ring with unit (with neutral element 1^), (£-, +, x, •) is a quadratic ^-algebra 
(with neutral element Ie), and a and P any two elements of E, then on F = EXE wc consider the following 
laws: 

f: FXF ^ F 

(ix,y),{x',y')) i-^ {x + x',y + y') 
*: FXF ^ F 

{{x,y),{x\y')) '-^ {x X x' + a X {y X y),y X x' + y' X X + (3 X {y X y')) 
• : EXF F 

iX,ix,y)) ^ {Xxx,Xxy) 

it is then trivial to check that {F, f , •) is a quadratic _B-algebra, of type (a, f3) when considering the basis 
((1b, 0), (0, 1e)) of F over E. Indeed, when one starts with E = A, apply first the above doubling using 
constants a and f3 in E — A and then apply the Cayley-Dickson process using a constant C ^ E — A 
and the identity on £^ = yl as conjugation, the result is known in literature ([2]) as a quaternion algebra 

^®We do not impose the family to be linearly independent over A, so as to accept perhaps pathological cases such as A = TLI2TL, 
which can be seen as a quadratic algebra of type (1,0) over itself, using the family (ei, 62) = (1, 1). 

^'^It should also be born in mind that, where Cayley algebras are concerned, applying the Cayley-Dickson procedure with 
different constants may happen to yield isomorphic structures. 
Though it may still be, if for instance A is of characteristic 2! 
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of type (a,/3, — C). This, of course, is a Cayley algebra, but usually not a quadratic algebra (either over 
E = A, or £'^). One can therefore usually not indefinitely "knit" the two kinds of doubling, which makes 
this construction rather ad'hoc. 

There are also other known ways to build useful algebras in a way reminiscent of the Cayley-Dickson 
process. One of the better known ([S]) is to consider a commutative and associative ring with unit A, with 
neutral element 1a, and build the algebra H{A) = A + AI + AJ + AK with P = J'^ = K'^ = IJK = -Ia- 
With A — one obtains H, the usual quaternions, and with A = (C one obtains what is known as the 
complex quaternions (or biquaternions) f[7l ll3| ). 

There is at least one more construction which deserves consideration, and which does not seem to fit well 
with those we have considered so far: that of the sedenions. 

In 2] Carmody presents constructions originally due to Muses, some of which (the counter-complex, 
counter-quaternions and countcr-octonions) are easily seen as examples of the Cayley-Dickson process in 
action. Indeed, we can draw the following fiUiation graph (where R, (D, H and © stand for the set of real 
numbers, the set of complex numbers, the quaternions and the octonions respectively; X we have dubbed 
the hexadecimalions, [S], but see below): 




There is also a structure on R^^, which has been called by Muses and Carmody, the sedenion. That 
structure is different from that of X, as we shall see, but unfortunately the name "sedenion" has also 
(posteriorly) been used to designate the hexadecimalions (|S] and, at the time of this writing, ITI). 

We will keep the name "sedenion" to designate the construct of Muses and Carmody. It has the following 
Cayley (multiplication) table: 
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There is an involutivc automorphism of the sedcnions defined by 

cr{x + ai ii + ■■■ + + l3i ei + ■■■ + f3j 67 + t uj) = X — ai ii ~ ■■■ — ai ii — Pi ei — ■■■ — Pi ej + t Lu 

which does not make the sedenions into a Cayley algebra (because the image of [a; 1— > a; + cr(a;)] is not 
contained in R), but such that if we define ^ by ^{x) = xa{x), then ,yV{xy) — ,yV{x)jy{y). This, 
actually, is what seems to have driven the creation of the sedenions. 

There are varying expectations on how a "norm" defined on an algebra should behave. For norms taking 
their values in a valuated field, the least one would expect would be that the norm of the product of two 
elements to be smaller or equal to the product of the norms of the elements (the usual rule for square 
matrices of reals, seen as linear operators). A more stringent requirement is the "composition" behavior, by 
which the norm of the product of two elements is equal to the product of the norms of the elements (the 
usual rule for reals, complex, quaternions and octonions). 

Without any assumption on associativity for the multiplication of that algebra, either behavior can 
fail to be met. For instance, consider in X, a; = i + j" and y — e' + k'" , then x x y = 2j' — 2j"' and 
^^(x X y) — 8 > A — J/'^{x) X c/^(y), where we have considered the Cayley norm as taking its values in R, 
as explained earlier. Also, if we consider the following example given by Carmody, z — i + e'e" — i + e!" and 
t = j + k'e" = j + k'" , then z x t = and ^(z x = < 4 = -jVj^^z) x jVj^it). There is therefore really 
no reasonable relation to be expected in X between the norm of a product and the product of the norms! 

The sedenions, as we have said, display the "composition" behavior; they are not a composition algebra 
(I22Eni) however, because the norm is not non-degenerate. According to the algebra is alternative, and 
verifies l)M5(l , HM4(I , HM3|I and HM2|I . It is also riddled with zero divisors (as it contains the counter-complex, 
counter-quaternions and counter-octonions; it also contains the octonions). 

While the construction of the sedenions could be carried out on other rings, it does appear like a stunning 
ad'hoc construction. 
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